Enterprise - Implementing Coviu with Azure SSO in your Organisation

This article explains the steps taken to integrate Coviu into your Azure Single Sign-On (SSO) system.

Last updated: May 2021

For: SSO System Administrators. You will need Coviu Platform Administrator access to undertake the following Coviu SSO configuration activities or, undertake these actions in conjunction with your Coviu Platform Administrator.

On this page:

  1. Introduction
  2. What do we need you to do?
  3. How do I turn on SSO in Coviu?
  4. How do I get to the SSO self-help portal in Coviu?
  5. What config items do I need?
  6. FAQ's
  7. More support options

Introduction

Coviu now has a self-help SSO configuration interface built in to your Enterprise platform. These instructions will guide you on how to access and implement Coviu SSO using the interface.


What do we need you to do?

Create a new application registration!

The below instructions should only be used as a guide. Your SSO Administrator will know the specific steps required to create a new application registration within your system so the instructions below should be used within that context.

  1. Sign in to your Azure Portal
  2. Go to Azure Active Directory
  3. Under Manage, click App Registrations
  4. Click the New Registration option
  5. Provide the following details:
    1. Name: Coviu (or your preferred naming convention)
    2. Supported Account Types - this setting will depend on your organisation setting, but will generally be the Single Tenant option to only allow authentication by users in this Active Directory tenant
    3. Redirect URL:
      1. Select Web 
      2. https://<your coviu sub domain here>/sso/callback?domain=<your domain here> e.g:
      3. https://telehealth.mycompanyname.com.au/sso/callback?domain=mycompanyname.com.au 
        1. NOTE: Your Coviu sub domain is the domain you provided to host the Coviu platform.
        2. NOTE: Your domain at the end of the string is your email domain.
    4. Click Register 
  6. You should now have a new application registration available. 
  7. In order to configure your application within Coviu, you will need to provide the URL to your Federation Metadata document. This can be found under the Endpoints option in your application configuration.

  8. This Federation Metadata Document URL will be passed to coviu.com and used to extract the SSO Sign on URL, the entity ID, and certificates needed to perform SSO

  9. You will also need your application (client) ID which is the issuer ID.


How do I turn on SSO in Coviu?

Turn on SSO in Coviu!

Use our self-help SSO interface to turn on SSO in Coviu. 

Caution! When you click the Enable SSO toggle, you will be activating SSO. The option to Enable/Disable SSO is built into the interface so plan your release beforehand e.g;

  • Can you enable it out-of-hours for initial testing?
  • Create your rollout plan and release date and enable from there.  

How do I get to the self-help SSO Configuration interface?

Your Coviu Platform Administrator will need to undertake these steps.

Log into Coviu as you normally would:

  1. If you are already in the platform, click the drop-down arrow next to your profile name and thumbnail
  2. Click Platform Administration
  3. Click System Configuration
  4. Click the Single Sign On tab
  5. Click Add ConfigurationCoviu Single Sign-on
  6. On the Create SSO Configuration interface (see below screen capture), add the required details.
  7. The Contact Name, Contact Email and Contact Number fields are provided as part of a message to any staff member who attempts to access the platform but has not yet been provided an account in Coviu. The details could be for your SSO System Administrator or your IT Service Desk for example.
  8. Ticking the Enable SSO option will make your configuration go live so proceed with caution.
  9. Save the configuration when done. If you have chosen Enable SSO, then your system should be ready to go.

What configuration items will you need for the Interface?

The details you enter into the Coviu SSO self-help Configuration interface (below) are those details that come from creating your new Application Registration and the metaData XML file. Enter them in the fields shown below:

New Application Registration


    FAQs

    1. Do we integrate with other SSO technologies?
      1. Information on integrating with on-prem ADFS can be found here.
      2. If your organisation uses another means for SSO, let us know. Register your interest with your Coviu account representative.
    2. Do we support SAML 2.0?
      1. Yes, SAML 2.0 is the protocol we support at the moment.
    3. Is our product (Coviu) listed in the Azure Marketplace/Gallery?
      1. No. Not at this stage.
    4. Authentication state?
      1. Forms based.
    5. Do we require Microsoft ADFS 3.0 to encrypt assertions to protect data leakage of sensitive information passed back to Coviu during logon?
      1. We don't support this extra layer of encryption at the moment.
    6. Do we require the Microsoft ADFS 3.0 to sign their assertions?
      1. Yes, we validate the signatures when we receive a request/response from Microsoft ADFS 3.0.

     Who do I contact for Support?

    • You can contact your Coviu account manager directly, alternatively,
    • You can contact us through one of the options available here.