Microsoft Azure single sign-on

💡 Required user level: Owner

Enabling Microsoft Azure Single Sign-On will replace the default login with Microsoft. Keep a window open to both Azure and SOS for this process.

In SOS, log in as the Owner account and go to System Settings > SSO+EHR, then select Microsoft Azure Entra ID.

Log in to portal.azure.com and go to Microsoft Entra ID.

Go to App Registrations and click + New Registration.

  1. Name the App Registration (ex: SOS).
  2. Redirect URI: Select Web and copy the redirect URI from SOS List into Azure.
    Note: The Redirect URI is generated from the Address set in Network Settings.

Copy the Application (client) ID and Directory (tenant) ID from Azure into SOS, then save.

In SOS, generate and download the Public Certificate.
It will be named kolkin-sos-azure.pem.

Then upload the public certificate from SOS into Azure for your SOS App Registration. Navigate to Manage > Certificates & secrets > Certificates.

Next, go to API permissions and click Grant admin consent, which allows SOS to read user permissions to authenticate users.

To restrict access to SOS to only a subset of your organization’s users:
Start from Entra ID Overview and go to Enterprise Applications > Kolkin SOS > Properties.
In Properties, switch Assignment Required to “Yes”, then Save the changes.

To assign users or groups to the application, find Users and groups under Manage and click + Add user/group.

After the Public Certificate is uploaded to Azure and User Groups are assigned, Azure is configured to authenticate users for SOS.

Go back to SOS and check the Enable Active Directory box under Activate SSO.
This will force all users to sign in with an approved Microsoft account.

Test your integration by going to your SOS Address. You should be redirected to Microsoft and either see a login screen or be signed in automatically if you’re already logged into Microsoft.

Azure Single Sign-on Maintenance & Notes:

  1. You can still reach the SOS sign-in page by going to /signin, but only the Owner account can sign in with a password. All other accounts need to sign in with an approved Microsoft account.
  2. The Public Certificate from SOS expires after 12 months and needs to be replaced each year.
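
To track the 12-month expiry and confirm that the certificate in Azure is the one SOS generated, the downloaded kolkin-sos-azure.pem can be inspected locally. The script below is an added example, not part of Kolkin's documentation: it assumes the openssl command-line tool is installed, the function names and the 30-day warning window are illustrative choices, and the thumbprint it prints is the SHA-1 value Azure lists next to an uploaded certificate.

```shell
#!/bin/sh
# Added example (not from the SOS documentation): inspect the certificate
# downloaded from SOS. Function names and the 30-day default are assumptions.

# cert_thumbprint FILE
# Prints the SHA-1 fingerprint as 40 uppercase hex characters, no colons,
# for comparison with the Thumbprint column under Certificates & secrets.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 \
        | sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# cert_check FILE [WARN_DAYS]
# Returns 0 if the certificate is valid beyond the warning window,
#         1 if it expires within WARN_DAYS (time to generate a new one in SOS),
#         2 if it is already expired or cannot be parsed.
cert_check() {
    cert=$1
    warn_days=${2:-30}

    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "cannot parse certificate: $cert" >&2
        return 2
    fi

    echo "thumbprint: $(cert_thumbprint "$cert")"
    openssl x509 -in "$cert" -noout -enddate

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "status: EXPIRED"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null; then
        echo "status: expires within $warn_days days"
        return 1
    fi
    echo "status: ok"
    return 0
}

# When run as a script: ./check-sos-cert.sh kolkin-sos-azure.pem [WARN_DAYS]
if [ "$#" -gt 0 ]; then
    cert_check "$@"
fi
```

Running it from a scheduled job and alerting on a non-zero exit status gives advance notice before SSO logins start failing on an expired certificate.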