Dashboard Single Sign-On (SSO) - Azure – StatusDashboard Support

The following recommended configuration settings should be utilized when configuring a status dashboard to authenticate users using Azure Active Directory as the identity provider.

Azure Settings

Create the Azure Application

Login to the Azure Active Directory admin center.
Select Enterprise applications from the navigation tree.
Select New Application > Create your own application > Non-gallery application.
Enter a unique name (e.g., StatusDashboard - Dashboard) and click the Add button.

Configure the Azure StatusDashboard Application (Users)

Select Enterprise applications from the navigation tree.
Select the application that was created in the previous step.
Select the Assign users and groups tile.
Add any relevant users to the new application to authorize them to authenticate.

Configure the Azure StatusDashboard Application (SAML)

Select Enterprise applications from the navigation tree.
Select the application that was created in the previous step.
Select the Set up single sign on tile.
Configure the following settings:
- Step (1) - Basic SAML Configuration
  - Identifier (Entity ID): Enter the settings from the StatusDashboard Service Provider, Entity ID / Issuer field.
  - Reply URL: Enter the settings from the StatusDashboard Service Provider, Assertion Consumer Service (ACS) field.
  - Sign on URL: Leave field blank.
  - Relay State: Leave field blank.
  - Logout Url: Leave field blank
- Step (2) - User Attributes & Claims
  - Change the claim Unique User Identifier (Name ID) from user.userprincipalname to user.mail.
- Step (3-4) - Information contained within these steps will need to be entered within the StatusDashboard interface.

The StatusDashboard configuration settings needed for this section can be found within the StatusDashboard administration portal here: Status Dashboards > Edit > Dashboard Options > Single Sign-On

StatusDashboard Settings - Service Provider

In order to configure the StatusDashboard Service Provider settings, login to StatusDashboard and browse to the following location: Status Dashboards > Edit > Dashboard Options > Single Sign-On. Configuration settings are listed in the following table and should be entered in the Service Provider section of StatusDashboard:

Configuration Setting	Instructions	Notes
Sign AuthN Request	Disabled
Sign Logout Request	Disabled
Sign Logout Response	Disabled
Sign Metadata	Disabled	This option can be set either way and is not dependent on the ADFS configuration.
Signature Algorithm	rsa-sha1	Can be set to whatever the ADFS configuration requires
Digest Algorithm	sha1	Can be set to whatever the ADFS configuration requires
Encrypt Name ID	Disabled
Include Authentication Context	Disabled

StatusDashboard Settings - Identity Provider

In order to configure the StatusDashboard Identity Provider settings, login to StatusDashboard and browse to the following location: Status Dashboards > Dashboard > Edit > Options > Single Sign-On. Configuration settings are listed in the following table and should be entered in the Identity Provider (IdP) section of StatusDashboard:

Configuration Setting	Instructions	Notes
Entity ID / Issuer	Enter the Azure AD Identifier from step 4 of the basic Azure configuration created above.
Single Sign-On (SSO) Service URL	Enter the Azure Login URL from step 4 of the basic Azure configuration created above.
Single Logout Service (SLO) URL		Microsoft Azure does not currently support SLO
IdP Logout URL	https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0	When not using SLO, this URL will end the user's Azure session when logging out of StatusDashboard.
Logout Redirect URL		Not currently supported
x509 Certificate	Download the certificate from step 3 of the basic Azure configuration created above - Certificate (Base64) and enter the text here.
Require Message Signature	Disabled
Require Assertion Signature	Enabled
Require NameID Encryption	Disabled