Tutorial: Azure Active Directory SSO integration with SSO for GTP Services via SAML
In this tutorial you will learn how to integrate SSO for GTP Services with your organization’s Azure AD. This will enable your organization to:
Manage your user accounts in the Azure portal
Enforce password/MFA policies at your discretion
Instructions
1. Decide if you’re going to test SSO in the GTP Release Candidate environment. Using the Release Candidate will allow you to experience how the login process for GTP Services will change with SSO enabled.
2. Pick an Organization Tag for your organization. The Organization Tag is a unique identifier used by SSO setup for your connection to GTP Services. It can be any length; we suggest using some form of your domain name(s). For example, for our GoGTP.com domain we use GoGTP as our Organization Tag. Create a new GTP Service Desk ticket. Give it a title of SSO for STRATUS. Paste what you've chosen as your Organization Tag in the body of the ticket.
3. From the Azure Portal Home page, select Azure Active Directory.
4. From the Azure AD Overview page, select App registrations. You’ll need to create a new application.
5. On the App registrations page, select New registration.
6. Complete the Register an application form with the following:
a. Name: Choose a name that is unique to the organization and describes the function of the application. We suggest you use GTP Services SSO.
b. Supported account type: Select the account type(s) that you want to support with this application configuration
c. Redirect URI: Leave this as-is for now
7. Select the Endpoints link in the upper menu of the new application
Paste the title and contents of the following endpoint into the body of the ticket created in step 2.
a. Federation metadata document
8. On the Overview page, select Add an Application ID URI
Select the Set link. If you are going to try out SSO in our Release Candidate environment, use:
api://GTPRC.OrganizationTag
For Production use:
api://GTPServices.OrganizationTag
where OrganizationTag is replaced with the Organization Tag you defined in step 2.
9. Then select the Add a Redirect URL link
Under Platform configurations, select Add a platform
10. On Configure platforms, select Web
Complete the Configure Web form
The Redirect URIs for Release Candidate are:
https://login-rc.gtpstratus.com/gtprc.onmicrosoft.com/oauth2/authresp
https://rc.gtpstratus.com/signin-oidc
The Redirect URIs for Production are:
The Front-channel logout URL for Production is:
https://login.gtpstratus.com/gtpservices.onmicrosoft.com/b2c_1a_login_hrd/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.gtpstratus.com%2F
The Front-channel logout URL for Release Candidate is:
https://login-rc.gtpstratus.com/gtprc.onmicrosoft.com/b2c_1a_login_hrd/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.gtpstratus.com%2F
Be sure to also enable Access tokens by selecting it.
11. Add 1-2 user email addresses to the body of the ticket created in step 2 and save it. Note that you only need to include the user email addresses if you've chosen to test using the Release Candidate site.
Once we’ve completed the setup on the GTP side, we’ll contact you about testing in the Release Candidate site if you chose to set it up; otherwise we will contact you about scheduling a Production switchover.
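Before saving the ticket, the values entered in steps 8 to 10 can be checked against this tutorial. The following is an added example, not part of the original tutorial or GTP's tooling. It assumes the app registration has been exported as a Microsoft Graph application object (for example with az ad app show), covers only the Release Candidate values listed above, and uses a constructed sample export.

```python
# Release Candidate values copied from this tutorial.
RC_REDIRECT_URIS = {
    "https://login-rc.gtpstratus.com/gtprc.onmicrosoft.com/oauth2/authresp",
    "https://rc.gtpstratus.com/signin-oidc",
}
RC_LOGOUT_URL = (
    "https://login-rc.gtpstratus.com/gtprc.onmicrosoft.com/b2c_1a_login_hrd"
    "/oauth2/v2.0/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.gtpstratus.com%2F"
)

def check_rc_registration(app, org_tag):
    """Return a list of findings; an empty list means the export matches."""
    findings = []
    web = app.get("web") or {}
    expected_id_uri = f"api://GTPRC.{org_tag}"
    if expected_id_uri not in (app.get("identifierUris") or []):
        findings.append(f"missing Application ID URI {expected_id_uri}")
    actual = set(web.get("redirectUris") or [])
    for uri in sorted(RC_REDIRECT_URIS - actual):
        findings.append(f"missing redirect URI {uri}")
    # Any redirect URI beyond the two listed is another place a response can be sent.
    for uri in sorted(actual - RC_REDIRECT_URIS):
        findings.append(f"unexpected redirect URI {uri}")
    if web.get("logoutUrl") != RC_LOGOUT_URL:
        findings.append("front-channel logout URL does not match the tutorial")
    implicit = web.get("implicitGrantSettings") or {}
    if not implicit.get("enableAccessTokenIssuance"):
        findings.append("Access tokens are not enabled")
    return findings

# Constructed sample export (not a real tenant), Organization Tag "GoGTP".
SAMPLE = {
    "identifierUris": ["api://GTPRC.GoGTP"],
    "web": {
        "redirectUris": [
            "https://rc.gtpstratus.com/signin-oidc",
            "https://rc.gtpstratus.com/signin-oidc/",  # trailing slash: not the listed URI
        ],
        "logoutUrl": RC_LOGOUT_URL,
        "implicitGrantSettings": {"enableAccessTokenIssuance": False},
    },
}

if __name__ == "__main__":
    for finding in check_rc_registration(SAMPLE, "GoGTP") or ["OK"]:
        print(finding)
```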
© Copyright 2022 GTP Services, LLC All rights reserved.