SSO with Entra AD
Learn how to enable and configure single sign-on (SSO) with Azure Active Directory (Azure AD).
Provision new users and sign in to AutoElevate with your Entra AD identity provider. Set up with a single click and a quick mapping of your Entra users/groups to AutoElevate roles. This mapping lets you manage the roles of the AutoElevate users who have access directly from Entra AD.
Important notes about setting up SSO with Entra AD
- Only an AE Administrator can enable this service.
- Only an Entra AD user with proper permissions, such as a Global Administrator, can accept permissions and add users.
- Entra AD multi-factor authentication (MFA) is required to log in with the ID Provider. This can be enabled under Users > Per-user MFA in Entra AD or with Conditional Access.
- This feature is only for Admins, Technicians, and others you wish to give access to the AE Admin Portal; it is not for end users.
- Only one role can be assigned to a user account, and a role is required to access the AE Admin Portal.
- AE user email must match the Entra AD user account.
Enable Entra AD SSO
- From the (1) Settings screen in the AE Admin Portal (https://msp.autoelevate.com), (2) edit the Single Sign On option (pencil icon).
- Then click the ENABLE SSO WITH Entra AD button. It will redirect you to log in to your Microsoft account and accept permissions (requires a user with appropriate permissions, such as Global Administrator). You will also have the option to consent on behalf of your organization.
- MFA for the SSO integration can be delegated to Custom Control in Entra AD (for third-party MFA providers such as DUO). To enable this feature, navigate to the Settings tab > Single Sign On and click on the pencil icon. From there, you will find a checkbox labeled Delegate MFA to Custom Control in Entra AD. Check this box and a prompt will appear with the terms. Confirm, then click SAVE.
- Now you can assign Entra AD users to the proper AutoElevate role by going to Enterprise Applications in Entra AD, selecting (1) All applications, and clicking on the (2) AutoElevate app that has been added.
- Click on (1) Assign users and groups.
- Click on the user/group > Click (1) Select a role: None Selected > (2) Select the role on the right (default roles) > (3) Click Select (bottom right) > (4) Click Assign (bottom left).
- Once these steps are taken, it can take from 30 seconds to a minute for the assignment to be added and to propagate through the system.
- Once complete, the user can log in from the AE Admin Portal using LOG IN WITH Entra AD on the AE Admin Portal login page.
Co-managed Users
The default setting for Company Access is All Companies. To customize this, navigate to the Users screen in the AE Admin Portal for each user.
When setting up a co-managed user or one with restricted company access, follow these steps:
- Begin by creating the user in the AE Admin Portal, specifying their role and company access. Make sure to click 'SAVE' without sending an email.
- Proceed to Entra AD to finalize the setup by assigning the appropriate role to the user.
- For a co-managed user, you can include them in your Entra AD tenant as an external user.
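The constraints in the important notes and the co-managed steps can be checked before users start logging in. The following is an added example, not AutoElevate or Microsoft code: it audits constructed exports of the app's role assignments, Entra users and AE users. All field names, role names and sample accounts are placeholders, and it assumes that an external user with no pre-created AE record would receive the default All Companies access.

```python
# Added example: constructed data; field and role names are placeholders,
# not an AutoElevate or Entra export format.
ASSIGNMENTS = [  # (principal, kind, role) on the AutoElevate enterprise application
    ("alice@msp.example", "User", "role-admin"),
    ("bob@msp.example", "User", "role-admin"),
    ("Helpdesk", "Group", "role-tech"),
    ("carol@client.example", "User", "role-tech"),
]
GROUP_MEMBERS = {"Helpdesk": ["Bob@msp.example", "dave@msp.example"]}
ENTRA_USERS = {  # lower-case email -> attributes
    "alice@msp.example": {"mfa": True, "external": False},
    "bob@msp.example": {"mfa": True, "external": False},
    "dave@msp.example": {"mfa": False, "external": False},
    "carol@client.example": {"mfa": True, "external": True},
}
AE_USERS = {  # users pre-created in the AE Admin Portal: email -> company access
    "erin@msp.example": "All Companies",
}


def audit(assignments, group_members, entra_users, ae_users):
    """Return sorted (email, finding) pairs for the constraints listed on the page."""
    roles = {}
    for principal, kind, role in assignments:
        # A group assignment gives the role to every member of the group.
        members = group_members.get(principal, []) if kind == "Group" else [principal]
        for email in members:
            roles.setdefault(email.lower(), set()).add(role)
    ae = {email.lower(): access for email, access in ae_users.items()}
    findings = []
    for email, assigned in roles.items():
        attrs = entra_users.get(email, {})
        if len(assigned) > 1:  # only one role per user account
            findings.append((email, "multiple roles: " + ", ".join(sorted(assigned))))
        if not attrs.get("mfa"):  # Entra MFA is required to log in
            findings.append((email, "MFA not enabled"))
        # Assumption: no AE record means the default, All Companies.
        if attrs.get("external") and ae.get(email, "All Companies") == "All Companies":
            findings.append((email, "external user with All Companies access"))
    for email in ae:
        if email not in roles:  # AE email must match an Entra account that holds a role
            findings.append((email, "AE user has no matching Entra role assignment"))
    return sorted(findings)


if __name__ == "__main__":
    for email, finding in audit(ASSIGNMENTS, GROUP_MEMBERS, ENTRA_USERS, AE_USERS):
        print(f"{email}: {finding}")
```

The group expansion is the part that is easy to miss in the portal: a user assigned one role directly and another through a group ends up with two.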
Enforcing SSO
From the User screen Actions menu, you can Remove Password for existing users to enforce SSO.