Single Sign-On (SSO)
Last updated
Was this helpful?
Last updated
Was this helpful?
Setting up SSO with ION allows you to provision and de-provision users in ION automatically. Company employees will be able to login to ION for the first time using SSO and that will create a user profile for them with the User role. There, admins can grant them any additional roles. In addition, when a user is de-provisioned from SSO, the user will be deactivated automatically in ION.
You can set up your organization to sign in to ion using your Azure AD. First Resonance support with the following information and follow the subsequent steps to confirm your connection.
Your Azure AD Domain address (e.g. firstresonance.onmicrosoft.com)
A list of email domains that should be enabled with login to ION (@acme.com, @acme.io, @acmeindustries.com, etc). Any of the emails with these associated domains will trigger the ION authentication flow to authenticate with your AD.
In your Azure AD panel, go to Azure Active Directory → App Registrations → New Application.
(Optional) For supported account types, select the domain that you prefer for your Azure AD services
Enter the below line as a Web type for Redirect URI:
Take note of the client ID and client secret values
Send the values to the First Resonance support team.
Once the support ticket confirms, test your connection by going to the application. Signing in with your provided domains, users should be able to type in their Azure-associated email address and see something similar to this before completing authentication with your Azure AD identity provider;
Open a support ticket with First Resonance, as described in the Azure AD section above
The values required for First Resonance authentication are as follows:
Realm Identifier: urn:auth0:firstresonance
Endpoint: https://firstresonance.auth0.com/login/callback
Follow the instructions for manual set up, per Auth0's documentation here:
