The objective of this tutorial is to show the integration of Azure and Kudos. The scenario outlined in this tutorial assumes that you already have the following items:
- A valid Azure subscription
- A Kudos tenant
After completing this tutorial, the Azure AD users you have assigned to Kudos will be able to single sign-on to the application at your Kudos company site (service provider initiated sign-on), or by using the Access Panel (see Introduction to the Access Panel).
The scenario outlined in this tutorial consists of the following building blocks:
- Enabling the application integration for Kudos
- Configuring single sign-on (SSO)
- Configuring user provisioning using SCIM
- Assigning users
Enabling the application integration for Kudos
The objective of this section is to outline how to enable the application integration for Kudos.
To enable the application integration for Kudos, perform the following steps:
1. In the Azure classic portal, on the left navigation pane, click Active Directory.
2. From the Directory list, select the directory for which you want to enable directory integration.
3. To open the applications view, in the directory view, click Applications in the top menu.
4. Click Add at the bottom of the page.
5. On the What do you want to do dialog, click Add an application from the gallery.
6. In the search box, type Kudos.
7. In the results pane, select Kudos, and then click Complete to add the application.
Configure single sign-on
The objective of this section is to outline how to enable users to authenticate to Kudos with their account in Azure AD using federation based on the SAML protocol.
As part of this procedure, you are required to create a base-64 encoded certificate file. If you are not familiar with this procedure, see How to convert a binary certificate into a text file.
To configure single sign-on, perform the following steps:
1. In the Azure classic portal, on the Kudos application integration page, click Configure single sign-on to open the Configure Single Sign On dialog.
2. On the How would you like users to sign on to Kudos page, select Microsoft Azure AD Single Sign-On, and then click Next.
3. On the Configure App URL page, in the Kudos Sign On URL text box, type your URL using the following pattern https://company.kudosnow.com, and then click Next.
4. On the Configure single sign-on at Kudos page, click Download certificate, and then save the certificate file on your computer.
5. In a different web browser window, log into your Kudos company site as an administrator.
6. In the menu on the top, click Settings > Account.
7. Click Integrations > SSO.
8. In the SSO section, perform the following steps:
- Select the SSO Identifier, Email. We support the following fields: Email, Employee Number and External Id.
- In the Azure classic portal, on the Configure single sign-on at Kudos dialog page, copy the Single Sign-On Service URL value, and then paste it into the Sign on URL text box.
- Create a base-64 encoded file from your downloaded certificate. Tip: For more details, see How to convert a binary certificate into a text file.
- Open your base-64 encoded certificate in Notepad, copy its content to your clipboard, and then paste it into the X.509 certificate text box.
- In the Azure classic portal, on the Configure single sign-on at Kudos dialog page, copy the Single Sign-Out Service URL value, and then paste it into the Logout To URL text box.
- In the Your Kudos URL text box, type your company name.
- Click Save.
9. On the Azure classic portal, select the single sign-on configuration confirmation, and then click Complete to close the Configure Single Sign On dialog.
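The base-64 conversion in step 8 can also be scripted. The following is an added example, not part of the original tutorial and not Azure or Kudos code: it accepts the downloaded certificate in either binary or text form, produces the base-64 text to paste, and returns a SHA-256 fingerprint you can compare against the value your certificate viewer shows for the downloaded file. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S
)


def load_der(data: bytes) -> bytes:
    """Return raw DER bytes whether the file is binary (DER) or already base-64 text."""
    match = PEM_RE.search(data)
    if match:
        # Already text: drop line breaks (LF or CRLF) and decode the body back to DER.
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if not data.startswith(b"\x30"):
        # An X.509 certificate is an ASN.1 SEQUENCE, whose DER encoding starts with 0x30.
        raise ValueError("not a DER or base-64 encoded certificate")
    return data


def to_pem(der: bytes) -> str:
    """Base-64 encode DER bytes, wrapped at 64 columns between the certificate markers."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in colon-separated upper-case hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def convert(data: bytes):
    """Return (base-64 text to paste, fingerprint of the underlying certificate)."""
    der = load_der(data)
    return to_pem(der), fingerprint(der)


# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x60" + bytes(range(96))

if __name__ == "__main__":
    pem, fp = convert(SAMPLE_DER)
    print(pem)
    print("SHA-256:", fp)
```

To use it on the real file, read the downloaded certificate with `open(path, "rb").read()` and pass the bytes to `convert`.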
Configure SCIM user provisioning
In order to enable Azure AD users to log into Kudos, they must be provisioned into Kudos.
To provision user accounts using SCIM, perform the following steps:
1. In a web browser, launch the Azure management portal at https://manage.windowsazure.com.
2. Browse to Active Directory > Directory > [Your Directory] > Applications, and select Add > Add an application from the gallery.
3. Search for and select "CustomScim1", enter a name for your application, and click the checkmark icon to create an app object.
4. In the resulting screen, select the second Configure account provisioning button.
5. In the Provisioning Endpoint URL field, enter the URL of Kudos SCIM endpoint at https://api.kudosnow.com/scim/v1
6. Copy the required OAuth bearer token into the Authentication Token field. You can get the token from Kudos Admin panel's API tab.
7. Click Next, and click on the Start Test button to have Azure Active Directory attempt to connect to the SCIM endpoint. If the attempts fail, diagnostic information will be displayed.
8. If the attempts to connect to the application succeed, then click Next on the remaining screens, and click Complete to exit the dialog.
9. In the resulting screen, select the third Assign Accounts button. In the resulting Users and Groups section, assign the users or groups you want to provision to the application.
10. Once users and groups are assigned, click the Configure tab near the top of the screen.
11. Under Account Provisioning, confirm that the Status is set to On.
12. Under Tools, click Restart account provisioning to kick-start the provisioning process.
Note that 5-10 minutes may elapse before the provisioning process will begin to send requests to the SCIM endpoint. A summary of connection attempts is provided on the application’s Dashboard tab, and both a report of provisioning activity and any provisioning errors can be downloaded from the directory’s Reports tab.
To test your configuration, grant access to the Azure AD users who should be able to use the application by assigning them to it.
To assign users to Kudos, perform the following steps:
1. In the Azure classic portal, create a test account.
2. On the Kudos application integration page, click Assign users.
3. Select your test user, click Assign, and then click Yes to confirm your assignment.
If you want to test your single sign-on settings, open the Access Panel. For more details about the Access Panel, see Introduction to the Access Panel.