Tutorial: Azure Active Directory SSO integration with SSO for GTP Services via SAML

In this tutorial you will learn how to integrate SSO for GTP Services with your organization’s Azure AD, which will enable your organization to:

  • Manage your user accounts in the Azure portal

  • Enforce password/MFA policies at your discretion

 Instructions

1. Decide if you’re going to test SSO in the GTP Release Candidate environment. Using the Release Candidate will allow you to experience how the login process for GTP Services will change with SSO enabled.

2. Pick an Organization Tag for your organization. The Organization Tag is a unique identifier used by SSO setup for your connection to GTP Services. It can be any length; we suggest using some form of your domain name(s). For example, for our GoGTP.com domain we use GoGTP as our Organization Tag. Create a new GTP Service Desk ticket. Give it a title of SSO for STRATUS. Paste what you've chosen as your Organization Tag in the body of the ticket.

3. From the Azure Portal Home page, select Azure Active Directory.

4. From the Azure AD Overview page, select App registrations. You’ll need to create a new application.

5. On the App registrations page, select New registration.

6. Complete the Register an application form with the following:

a. Name: Choose a name that is unique to the organization and describes the function of the application. We suggest you use GTP Services SSO.

b. Supported account type: Select the account type(s) that you want to support with this application configuration

c. Redirect URI: Leave this as-is for now

7. Select the Endpoints link in the upper menu of the new application

In the ticket created in step 2, paste the title and contents of the following endpoint into the body of the ticket:

a. Federation metadata document

8. On the Overview page, select Add an Application ID URI

Select the Set link, then if you are going to try out SSO in our Release Candidate environment use:

api://GTPRC.OrganizationTag

For Production use:

api://GTPServices.OrganizationTag

where OrganizationTag is replaced with the Organization Tag you defined in step 2.

9. Then select the Add a Redirect URL link

Under Platform configurations, select Add a platform

10. On the Configure platforms pane, select Web

Complete the Configure Web form

The Redirect URIs for Release Candidate are:

The Redirect URIs for Production are:

The Front-channel logout URL for Production is:

  • https://login.gtpstratus.com/gtpservices.onmicrosoft.com/b2c_1a_login_hrd/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.gtpstratus.com%2F

The Front-channel logout URL for Release Candidate is:

  • https://login-rc.gtpstratus.com/gtprc.onmicrosoft.com/b2c_1a_login_hrd/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.gtpstratus.com%2F

Be sure you also enable Access tokens by selecting it.

11. Add 1-2 user email addresses to the body of the ticket created in step 2 and save it. Note you only need to include the user email address if you've chosen to test using the Release Candidate site.

Once we’ve completed the setup on the GTP side, we’ll contact you about testing in the Release Candidate site if you chose to set it up. Otherwise, we will contact you about scheduling a Production switchover.
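Before you hand the ticket over, you can check that the values from steps 8 and 10 all belong to the same environment. The following is an added example, not GTP's own tooling: it assumes you have exported the app registration as JSON in the Microsoft Graph application shape (`identifierUris`, `web.logoutUrl`, `web.implicitGrantSettings.enableAccessTokenIssuance`), and the function name and sample data are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Values from steps 8 and 10 of the tutorial: (ID URI prefix, logout host, logout path).
_PATH = "/{}.onmicrosoft.com/b2c_1a_login_hrd/oauth2/v2.0/logout"
ENVIRONMENTS = {
    "Production": ("api://GTPServices.", "login.gtpstratus.com", _PATH.format("gtpservices")),
    "Release Candidate": ("api://GTPRC.", "login-rc.gtpstratus.com", _PATH.format("gtprc")),
}
POST_LOGOUT = "https://www.gtpstratus.com/"


def check_registration(app, environment, organization_tag):
    """Return findings; an empty list means the values match the tutorial."""
    # Assumption: `app` uses Microsoft Graph application property names.
    prefix, host, path = ENVIRONMENTS[environment]
    findings = []
    uris = app.get("identifierUris") or []
    if prefix + organization_tag not in uris:
        findings.append(f"Application ID URI {prefix}{organization_tag} is not set")
    for uri in uris:  # an ID URI from the other environment signals a mixed setup
        for other, (other_prefix, _, _) in ENVIRONMENTS.items():
            if other != environment and uri.lower().startswith(other_prefix.lower()):
                findings.append(f"{uri} belongs to the {other} environment")
    web = app.get("web") or {}
    logout = urlsplit(web.get("logoutUrl") or "")
    if (logout.scheme, logout.hostname, logout.path) != ("https", host, path):
        findings.append(f"Front-channel logout URL does not match {environment}")
    if parse_qs(logout.query).get("post_logout_redirect_uri") != [POST_LOGOUT]:
        findings.append(f"post_logout_redirect_uri is not {POST_LOGOUT}")
    if not (web.get("implicitGrantSettings") or {}).get("enableAccessTokenIssuance"):
        findings.append("Access tokens are not enabled (step 10)")
    return findings


# Constructed sample: Release Candidate ID URI paired with the Production logout URL.
SAMPLE_APP = {
    "identifierUris": ["api://GTPRC.GoGTP"],
    "web": {
        "logoutUrl": "https://login.gtpstratus.com" + ENVIRONMENTS["Production"][2]
        + "?post_logout_redirect_uri=https%3A%2F%2Fwww.gtpstratus.com%2F",
        "implicitGrantSettings": {"enableAccessTokenIssuance": False},
    },
}

if __name__ == "__main__":
    for finding in check_registration(SAMPLE_APP, "Release Candidate", "GoGTP"):
        print("FINDING:", finding)
```

The Redirect URIs are not checked here because their values are not listed on this page.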

© Copyright 2022 GTP Services, LLC. All rights reserved.