Single Sign On (SSO) provides the ability for Content Administrators to log into the SnapComms platform using company credentials, rather than a SnapComms username and password. The following types of authentication are supported:
 

• Log in with Company ID (SAML SSO): Preferred SSO method as this supports authentication for the SnapComms Content Manager (Administrators) and SnapComms MAC and Mobile Apps
• Log in with a Microsoft account (MS Azure Active Directory): for Content Administrators only

NOTE: SSO is available on SnapComms Cloud and SnapComms Private Cloud. Mobile SSO requires SnapComms Mobile Apps version 19.6 and above. 
  

Login with a Microsoft account

Prerequisites

• A trust established between SnapComms and the Microsoft Azure Active Directory.
• An Active Directory static group, containing the users needing access to the Content Manager, must be created in Azure AD.

Establishing a Trust

In Content Manager, navigate to Management >> Integrations.



Click on the Microsoft Account Integrations button.



Click on the Set up Microsoft sign in button.


 

Domain Administrator access to Microsoft Account

If you have Domain Administration access to your Microsoft Azure Active Directory, click the Complete authorization yourself button.



You will be taken to Microsoft Online (https://login.microsoftonline.com/common/oauth2/authorize) where you will complete the authorization process.

No Domain Administrator access to Microsoft Account

If you do not have Domain Administration access to your Microsoft Azure Active Directory, click the Send sign up link button.



The following screen is displayed:



Enter the email address of the person that has Domain Administration access to your Microsoft Azure Active Directory.
Optionally, enter a message that will appear below the following email message to your Domain Administrator.
Click the Send button.

An email will be sent to your Domain Administrator with the following content:

A user from your organization (your email address) would like to set up integrated sign on capabilities between your organizational accounts and the SnapComms Content Manager.

To complete this process, you should click the 'Authorize SnapComms' button and follow the directions to grant access in your organization's directory.



Clicking the Authorize SnapComms button in the email will take the Domain Administrator to Microsoft Online (https://login.microsoftonline.com/common/oauth2/authorize) where they will complete the authorization process.

Configuring a Group for Content Manager access

Single Sign On enables users to access Content Manager using their Microsoft Account login credentials. Control over which users are able to access Content Manager is determined by a Microsoft Azure Active Directory group.

In Microsoft Azure Active Directory, you can create a new group (or use an existing one) to control which users should have Content Manager access. Obtain the Object ID for the group specified within Microsoft Azure Active Directory.



In Content Manager, navigate to Management >> Integrations.



Click on the Microsoft Account Integrations button.



Enter the groups Object ID into the Administrator Group ID field.



Click the Save button.



If you need to change the group for any reason, repeat the above process to add the new group's Object ID.

How to login using a Microsoft account

If you are configured to use Single Sign On, please use this URL, https://login.snapcomms.com/ to access the additional Log in with a Microsoft account button.



To login using your windows credentials, click on the Log in with a Microsoft account button.



If you are logged on to your Microsoft Account, you will not be prompted to enter a username or password.
If you are not logged on to your Microsoft Account, you will be prompted by Microsoft to log in to your Microsoft Account.

Note: The windows user must be a member of the group assigned for SnapComms within your Active Directory.

Alternatively, you may still log in using a username and password, then clicking on the Login button.



Note: The username and password must exists within Content Manager under Management >> Administrators.