Single Sign-On (SSO)

Single Sign-On (SSO) is a technology that allows users to access multiple software systems with a single set of credentials. Users with an email address provisioned by their organization link their ALIS account to their Microsoft identity for SSO.

ALIS currently supports Microsoft Entra:

• AzureAD
• Office 365

Benefits of SSO

SSO typically provides more benefit to corporate-level employees than community teams due to some of the core functions of their roles. Explore how SSO can boost your company's operational practices: 

Improved User Experience

•  Reduced Login Time: Users only need to remember and enter one set of credentials to access multiple applications.  
•  Enhanced Productivity: Less time spent on logins means more time can be focused on tasks.  
•  Streamlined Access: Users can easily navigate between applications without having to log in to each one individually.

Enhanced Security

•  Reduced Risk of Data Breaches: Fewer passwords to manage means a lower risk of password reuse or compromise.  
•  Stronger Authentication Methods: SSO often supports multi-factor authentication (MFA) for added security.
•  Centralized Access Management: Administrators can control access to applications and enforce security policies more effectively.  

Increased Efficiency

•  Reduced IT Support: Fewer password resets and account lockouts are required.  
•  Simplified Onboarding and Offboarding: New users can be granted access to multiple applications with a single process.  
•  Improved Compliance: SSO can help organizations meet compliance requirements by providing better control over access and audit trails.

SSO Setup Requirements

Setting up SSO in ALIS requires a Company IT administrator to share credentials from the Azure Portal. The below values are created in Azure Portal, and the company contact will require administrator privileges in Azure Portal. 

Details needed from IT administrator: 

• Directory ID
• Application ID
• Client Secret Value

Users must also have a valid email address on their staff account that matches an email address from their company’s Active Directory. Note that once a user account is linked to SSO, they will not be able to log in with their ALIS credentials unless a company administrator edits their login settings.

How to Set up SSO  

Initiate SSO setup by contacting our ALIS Customer Success Team. They will connect you to our Integrations team via email and prompt you to acquire your Directory ID, Application ID, and Client Secret Value. Our Integrations Team and your Account Manager or Onboarding Specialist will then guide you through the process of Registration and Authentication in the Azure Portal as well as ALIS App installation.

If you are an IT administrator, follow these steps to set up SSO for your company: 

Step 1: Create a New App Registration in Azure Portal

1. Log in to the Azure Portal (ideally as an Administrator), and click on the Microsoft Entra ID.
2. Click on App registrations.
3. Click on New registration.

Step 2: Registration Configuration

1. In the Name field, type the Application Name: "{CompanyName} - ALIS SSO"
2. Under the Supported account types section, leave the default response: Accounts in this organizational directory only (Default Directory only - Single tenant)
3. Below the Redirect URI section:
   • Select Web from the platform dropdown menu.
   • Type your company URI into the field using this format: https://{companyname}.alisonline.com/ExternalLoginCallback
4. Click Register. 

Step 3: Authentication

After registering the application, you will be redirected to the Client Authentication overview page. These steps should be completed by your company's IT administrator. 

Authentication, Part 1

1. Click on Authentication. 
2. Below the Implicit grant and hybrid flows section, select ID tokens (used for implicit hybrid flows)
3. Under the Supported account types section, select Accounts in this organization directory only (Default - Single tenant).
4. Click Save.

Authentication, Part 2

1. Click on Certificates & secrets, and +New client secret with the Description, "ALIS - Single Tenant Secret". 
2. Be sure to store the Value and Secret ID in a secure place as these must be added to the SSO App Page in the ALIS App Store (see Step 4: ALIS App Store Installation).
   1. 1. • The IT administrator must update the ALIS App Store Settings for SSO with the new secret each time it expires. 

Authentication Complete

Once these values have been created: 

1. Select Overview from the top-left.
2. All values to be entered into the SSO App in the ALIS App Store are available in the "Essentials" window.
3. Save them securely as you will need them later.

Step 4: ALIS App Store Installation 

Once your registration in the Azure Portal is complete (Step 1), you will then need to install the app in our ALIS App Store to finalize the configuration.

1. Log into ALIS and navigate to the App Store.

2. Under the Available tab, type "Entra SSO" in the App Name search field. Then, click the Entra SSO "tile" to open the App page. 

3. On the Manage App page, click Install. 

4. Under the Configure tab, scroll to the Outbound Connections (Webhook, SFTP/FTP) section. Input the Directory ID, Application ID, and Client Secret Value, and click Save.

Related Articles: 

• ALIS Login Basics

For more assistance with Single Sign-On,

Contact our ALIS Customer Success Team

 888.404.ALIS (2547) or support@go-alis.com