Single Sign-On provides a way to seamlessly sign in and manage your users in one place for portal access. Presently this is NOT compatible with our Dispatcher application.
Single sign-on (SSO) streamlines the authentication process, enabling users to access multiple applications and services using just one set of login credentials. SSO, a fundamental feature of identity and access management (IAM) technology, enhances user convenience and security, fostering seamless and protected online interactions. At 911Cellular, Portal Users can sign in using the following methods:
Google OAuth2
No setup is required for Google OAuth if you are utilizing Google for your business email. You will need to be invited and assigned a role and SecurityZone before accessing the portal. After that, however, you can just click the icon below and you will be signed in.
Office 365 OAuth2
No setup is required for Office 365 if you are utilizing Office 365 for your business email. You will need to be invited and assigned a role and SecurityZone before accessing the portal. After that, however, you can just click the icon below and you will be signed in.
Azure Active Directory
Azure Active Directory does require setup. For this, you will need a vanity URL. Please contact your 911Cellular representative to assist you in requesting a subdomain. After your request has been fulfilled, you can set up the rest on your Azure Active Directory icon.
The Azure Active Directory tile shows up in Settings > General if the institution has a custom domain.
The Azure Active Directory view:
Description text on the Azure Active Directory view:
Enable single sign-on (SSO) to the system for user accounts in your Azure Active Directory by creating an App Registration in Active Directory and entering its configuration values here.
The Microsoft Graph Application Permission User.Read.All must be granted admin consent for default directory.
Permission settings are in the API Permissions section of the App Registration.
Portal users added to the system via the single sign-on method will be assigned to the top-most security zone and given the role that maps to their custom app role in Active Directory. If the role cannot be mapped, the user is not added to the system.
The required configuration values are found in the App Registrations section of Azure Active Directory:
- Object ID of App Registration
- Application (client) ID - used to create a confidential client application instance for authentication
- Directory (tenant) ID - of the organization from which the application will let users sign in
- Client Secret Value - a secret string that the application uses to prove its identity when requesting a token. This would be configured in the Certificates and Secrets section of the App Registration.
SAML
Create an enterprise application for SAML-based Sign-on.
- Your requested unique subdomain of publicsafetycloud.net. (Example: acme.publicsafetycloud.net)
- App Federation Metadata URL
SAML Configuration Setup
- Set the Identifier (Entity ID) to 911cellular
- Set the Reply URL to https://<subdomain>.publicsafetycloud.net/Account/SamlSignin
If SAML Autoprovisioning is enabled, then portal users will automatically be created with the role specified on their first login attempt. Otherwise, a portal account will need to be added in order for users to authenticate with SAML.
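To confirm that the Identifier (Entity ID) and Reply URL from SAML Configuration Setup took effect, the following added example (not 911Cellular's code) checks a base64-decoded SAML response captured from your own test sign-in against those two values. The function names and the sample response are constructed for illustration, and the check covers configuration only: it does not verify the XML signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "911cellular"  # Identifier (Entity ID) from this page
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label

def expected_reply_url(subdomain):
    """Build the Reply URL, rejecting input that is not a single DNS label."""
    if not LABEL_RE.fullmatch(subdomain):
        raise ValueError(f"not a single DNS label: {subdomain!r}")
    return f"https://{subdomain}.publicsafetycloud.net/Account/SamlSignin"

def check_saml_response(xml_text, subdomain):
    """Return a list of mismatches; an empty list means the settings agree."""
    reply_url = expected_reply_url(subdomain)
    root = ET.fromstring(xml_text)
    problems = []
    # The IdP posts the response to the Reply URL configured for the application.
    if root.get("Destination") != reply_url:
        problems.append(f"Destination is {root.get('Destination')!r}")
    # The audience must be exactly the configured Entity ID (case-sensitive).
    audiences = [a.text for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if audiences != [ENTITY_ID]:
        problems.append(f"Audience is {audiences!r}")
    # The bearer confirmation must name the same Reply URL as recipient.
    recipients = [d.get("Recipient") for d in
                  root.findall(".//saml:SubjectConfirmationData", NS)]
    if recipients != [reply_url]:
        problems.append(f"Recipient is {recipients!r}")
    return problems

# Constructed sample, trimmed to the elements checked above ("acme" is the page's example).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://acme.publicsafetycloud.net/Account/SamlSignin">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData
          Recipient="https://acme.publicsafetycloud.net/Account/SamlSignin"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>911cellular</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

An empty list from `check_saml_response(SAMPLE, "acme")` means both settings match; each entry otherwise names the field that differs and the value the identity provider sent.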