The objective of this tutorial is to show the integration of Azure AD and your Kudos® platform. The scenario outlined in this tutorial assumes that you already have the following items:
- A valid Azure subscription
- A Kudos® platform tenant
After completing this tutorial, the Azure AD users you have assigned to Kudos® will be able to single sign on to the application at your Kudos® company site (service provider-initiated sign-on), or from the Access Panel.
The scenario outlined in this tutorial consists of the following steps:
- Configuring Azure AD
- Assigning users
- Configuring SSO in Kudos® platform
- Configuring user provisioning using SCIM
Configuring Azure AD
The objective of this section is to outline how to enable the application integration for the Kudos® platform.
To enable the application integration for your Kudos® platform, perform the following steps:
1. In the Office 365 Admin center, on the left navigation pane, click Azure Active Directory.
2. From the left navigation pane, click Enterprise Applications.
3. From the left navigation pane and under Manage > All Applications, click New Application.
4. Search for the Kudos® application in the gallery and select it.
5. Enter a name for the application, for example "Kudos® SSO", and click Add on the bottom of the page.
6. After adding the Kudos® SSO application, select the Single sign-on option from the left navigation pane.
7. Edit the Basic SAML Configuration area and enter the following information and save:
- Identifier (Entity ID): Kudos®
- Reply URL (Assertion Consumer Service URL)*: https://youruniqueurl.kudosnow.com/saml
- Sign on URL*: https://youruniqueurl.kudosnow.com
- Relay State: Leave empty
- Logout Url: Leave empty
* youruniqueurl is your Kudos® URL / subdomain.
8. Edit the User Attributes & Claims area and enter the following information and save:
- Givenname: user.givenname
- Surname: user.surname
- Emailaddress: user.mail
- Name: user.userprincipalname
- Unique User Identifier: user.mail
9. Under the SAML Signing Certificate area, download the Certificate (Base64) and save the certificate file on your computer. You will use it later to configure the Kudos® platform.
10. Under the Set up Kudos® - SSO area, copy the Login URL to your clipboard. You will use it later to configure the Kudos® platform.
Assigning users
Grant access to the Kudos® app to the Azure AD users / groups that should be allowed to use it by assigning them as follows:
1. Click the Users and Groups option from the left navigation pane.
2. Select Users and/or Groups to assign to the Kudos® SSO app. Only those users will have access to the Kudos® application. Make sure the users have matching emails to their Kudos® profile email address.
Configuring SSO in the Kudos® Platform
1. In a different web browser window, log into your Kudos® company site as an administrator.
2. Navigate to Admin Gear ⚙️ > Account Settings > Integrations > SSO
3. In the SSO section, perform the following steps:
- Select the SSO Identifier, Email. We support the following fields: Email, Employee Number and External Id.
- Paste the Login URL copied previously into the Sign on URL text box.
- Open the certificate file saved previously in a text editor and paste its content into the x.509 certificate area.
- Copy https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0 into the Logout To URL text box.
- Click Save.
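A pre-flight check for the email matching requirement in the user assignment step, given that the Unique User Identifier claim is user.mail and the SSO Identifier is Email. This is an added example, not part of the Kudos® or Microsoft documentation; the CSV column names and the sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a real export format.
AZURE_USERS = """userPrincipalName,mail
alice@contoso.example,alice@contoso.example
bob@contoso.example,Bob.Builder@contoso.example
carol@contoso.example,
dave@contoso.example,dave@contoso.example
"""
KUDOS_PROFILES = """email
alice@contoso.example
bob.builder@contoso.example
dave@corp.example
"""


def load(text, column):
    """Return the stripped values of one column from CSV text."""
    return [(row[column] or "").strip() for row in csv.DictReader(io.StringIO(text))]


def check_identifiers(azure_csv, kudos_csv):
    """Sort assigned users by whether their user.mail value matches a Kudos profile email."""
    kudos_exact = set(load(kudos_csv, "email"))
    kudos_folded = {e.lower() for e in kudos_exact}
    report = {"ok": [], "missing_mail": [], "case_differs": [], "no_profile": []}
    upns = load(azure_csv, "userPrincipalName")
    mails = load(azure_csv, "mail")
    for upn, mail in zip(upns, mails):
        if not mail:
            # user.mail feeds the Unique User Identifier claim, so an empty
            # attribute leaves nothing to match against the Kudos profile.
            report["missing_mail"].append(upn)
        elif mail in kudos_exact:
            report["ok"].append(upn)
        elif mail.lower() in kudos_folded:
            # Matches only after case folding: review, since whether the
            # comparison is case-sensitive is not stated on the page.
            report["case_differs"].append(upn)
        else:
            report["no_profile"].append(upn)
    return report


if __name__ == "__main__":
    for status, users in check_identifiers(AZURE_USERS, KUDOS_PROFILES).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Users listed under missing_mail or no_profile should be corrected in Azure AD or in Kudos® before they are assigned to the app.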
We hope this helps! If you have any questions, please reach out to us at firstname.lastname@example.org and one of our friendly staff would be happy to assist you!