Highfive Admin users on the Standard or Professional plan can enable SSO, or single sign-on, which allows your users to log-in to Highfive with an identity management solution you've already set up. This article will help you configure SSO specifically for Azure / Office 365.
What you'll need:
- Google Chrome, Microsoft Edge, or Firefox web browser
- Be a Highfive Admin
- Azure Active Directory
- In your web browser, go to your Domain Dashboard.
- Use regular mode for this process: Do not use Private or In Private mode as these are known to interfere with the process and generic errors.
- Click on the Authentication tab and then Start Configuration.
- In Azure, you will need to set up a new enterprise application for Azure Active Directory.
- Our Highfive application will be under the non-gallery application set up. Once the new application is set up, please follow the instructions below.
- Go to Manage>Single Sign-on.
- Grab the Highfive SSO URL from the domain dashboard and paste it into the field Reply URL in Azure.
- Next, we need to edit the SAML Token Attributes. Azure has some default attributes set up, you will need to delete those and add the attributes above instead. See below for the appropriate attributes to add:
Important: For user.email, you may need to choose a different attribute that isn't user.userprincipalname. It will depend on your configuration, but your selection should be the one that returns a user's email address.
- Copy the following information and paste them into the appropriate field. The image below is an example of where you can plug in the required details.
- SAML Signing Certificate (found in the Manage>Single Sign-on)> SAML Provider X.509 Certificate
- User Access URL (Manage>Properties) > SAML Provider URL
- SAML Entity ID (Manage>Single Sign on> Configure Chosen Name of App)> SAML Provider Issuer
- Click on Test Configuration to check the configuration. If that is successful the Apply Configuration option will show up to save.
- You're almost done! The next step is to actually test the configuration.
- Open an Incognito (Chrome) or InPrivate (Edge) window and sign-into Highfive with this link. This step is highly recommended so that you are able to revert your changes within the original browser window if something unexpected occurs. You can open a new private browsing window by going to your browser Settings > New Incognito or InPrivate window.
- If something unexpected does occur and you are not logged into Highfive properly, you can navigate back to your original web browser window and click on Disable SAML, which will revert the changes.
- The correct configuration will bring you to the Highfive home page where you can start and join meetings or share your screen.
For assistance with Azure SSO set up, please contact Highfive Support at firstname.lastname@example.org.