Enterprise - Implementing Coviu with Azure SSO in your Organisation

This article explains the steps taken to integrate Coviu into your Azure Single Sign-On (SSO) system.

Last updated: Feb 2021

 

The below instructions should just be used as a guide as to what we need you to do to integrate Coviu with your SSO. Your corporate SSO system administrator should only undertake these actions in conjunction with your Coviu representative:

  1. Enter your Azure Active Directory and access your App Registrations (under Manage)
  2. Click the New Registration option
  3. Provide the following details:
    1. Name: (Your organisation name)
    2. Supported Account Types - this setting will depend on your organisation setting, but will generally be the Single Tenant option to only allow authentication by users in this Active Directory tenant
    3. Redirect URL:
      1. Select Web 
      2. https://<your coviu sub domain here>/sso/callback?domain=<your domain here>
      3. Your Coviu sub domain is the domain you provided to host the Coviu platform 
    4. Click Register 
  4. You should now have a new application registration available. 

What will we need from you?

To turn on SSO in Coviu, we will ask you for your:

  • Domain
  • Redirect URL
  • Entity ID
  • Application ID
  • Certificates
  • Federation Metadata URL

Note:

Once the Federation Metadata URL and Application ID are configured in SSO, the switch over is immediate for all users.

FAQs

  1. Do we integrate with other SSO technologies?
    1. Information on integrating with on-prem ADFS can be found here.
    2. If your organisation uses another means for SSO, let us know. Register your interest with your Coviu account representative.
  2. Do we support SAML 2.0?
    1. Yes, SAML 2.0 is the protocol we support at the moment.
  3. Is our product (Coviu) listed in the Azure Marketplace/Gallery?
    1. No. Not at this stage.
  4. Authentication state?
    1. Forms based.
  5. Do we require Microsoft ADFS 3.0 to encrypt assertions to protect data leakage of sensitive information passed back to Coviu during logon?
    1. We don't support this extra layer of encryption at the moment.
  6. Do we require the Microsoft ADFS 3.0 to sign their assertions?
    1. Yes, we validate the signatures when we receive a request/response from Microsoft ADFS 3.0.