Configuring SSO with Microsoft Azure

Last updated June 16, 2022
Written by Alex Moloney

Enabling Single Sign-On (SSO) for your staff allows them to log into Felix using their corporate credentials.

Users will need the Manage Single Sign-On Settings permission to perform the following actions.

Getting started

Configuring and implementing SAML SSO will require the involvement of your IT team. Both your identity provider and Felix account will need to be configured to allow users access to Felix. If you aren't assisting with the set up yourself, your IT team will require a Felix account to access the SSO settings page.

Changes to SSO can impact the access your users have to Felix. We recommend making your users aware ahead of any changes ahead of time, and having a rollback plan in place.

Enable SSO in Felix

To enable SSO within Felix:

  1. Navigate to the Felix login page
  2. Log in using your service user details.
  3. Navigate to Settings > Single Sign On
  4. Check the Enable Single Sign-On checkbox
  5. Click the Update Configuration button

Configure your identity provider (Microsoft Azure)

To configure your identity provider:

  1. Open Microsoft Azure Active Directory
  2. Navigate to the Enterprise Applications page
  3. Create a new application
  4. Configure the application to use SAML 2.0
  5. Copy the Azure AD Identifier from Azure to the Identity Provider Entity ID field within Felix
  6. Copy the Login URL from Azure to the Identity Provider SSO URL field within Felix
  7. Configure the Signing Option to Sign SAML response and assertion
  8. Download the Base 64 SAML Signing Certificate

Make sure to confirm the SAML signing certificate Signing Option is set to "Sign SAML response and assertion" before proceeding. If you make changes to this setting it will change the Base 64 SAML Signing Certificate.

Configure SSO within Felix

To configure SSO within Felix:

  1. Open the Base 64 SAML Signing Certificate in a text editor
  2. Copy the certificate into the Public x509 Certificate field within Felix
  3. Copy the SP Entity ID from Felix to to the Identifier (Entity ID) field within Azure
  4. Copy the SP Assertion Consumer Service URL from Felix to the Reply URL (Assertion Consumer Service URL) field within Azure.
  5. Click the Update Configuration button

Testing your SSO configuration

To test your SSO configuration:

  1. Open a new incognito tab or private browsing window
  2. Navigate to the Felix login page
  3. Log in to Felix using your corporate credentials
  4. Verify that you are logged in with the correct permissions

Do not log out of your account when testing your SSO configuration. Ensure that SSO is operating as expected in an incognito window or alternate web browser to prevent losing access to your account.

Was this article helpful?