Configure Microsoft SSO

This article will walk you through the steps required to configure Microsoft SSO.

 Restore Visibility

  Safeguard Compliance   

 Estimated Read Time: 3 Minutes

Sections in this article:

• Part 1 - Configure Microsoft SSO
  • Add Gatekeeper to your Azure Microsoft Apps
  • Add Gatekeeper to your Azure Enterprise Apps
• Part 2 - Configure Gatekeeper
• Part 3 - Log in to Gatekeeper with Microsoft

Part 1 - Configure Microsoft SSO

There are two options for configuring Microsoft SSO:

• Add Gatekeeper to your Azure Microsoft Apps
• Add Gatekeeper to your Azure Enterprise Apps

Add Gatekeeper to your Azure Microsoft Apps

1. In your apps Gallery, click ➕ Create your own application.
2. Name the Application (Gatekeeper), then click Create.
   1. Do not choose a pre-existing Gallery application. This should be a custom app.
3.  Under Getting Started, click Set up single sign on.
4. Select Linked as the SSO type.
5. Configure the Sign on URL using one of the below options:
   • If US: https://auth-us.gatekeeperhq.com/users/auth/microsoft_oauth2
   • If Canada: https://auth-ca.gatekeeperhq.com/users/auth/microsoft_oauth2
   • If Europe: https://auth-eu.gatekeeperhq.com/users/auth/microsoft_oauth2
   • If APAC: https://auth-apac.gatekeeperhq.com/users/auth/microsoft_oauth2
6. Click Save.
7. As the final step, you can assign the users/groups in MS/Azure who should be able to authenticate and log in to Gatekeeper.

Add Gatekeeper to your Azure Enterprise Apps

1. Navigate to your Enterprise Applications and click ➕ Create your own application
2. Name the Application (Gatekeeper), then click Create.
3. Under Basic SAML Configuration, populate the below values:
   1. Entity ID: Take the 4 digits from your tenant's Gatekeeper URL.
      
   2. Reply URL:
      • If US: https://auth-us.gatekeeperhq.com/users/auth/microsoft_oauth2
      • If Canada: https://auth-ca.gatekeeperhq.com/users/auth/microsoft_oauth2
      • If Europe: https://auth-eu.gatekeeperhq.com/users/auth/microsoft_oauth2
      • If APAC: https://auth-apac.gatekeeperhq.com/users/auth/microsoft_oauth2
4. Click Save
5. As a final step, you can assign the users/groups in Azure who should be able to authenticate and log in to Gatekeeper.

See Microsoft's guidance for further details.

Part 2 - Configure Gatekeeper

Once you have verified that this app has been set up successfully and that users can authenticate via SSO, you can lock your Gatekeeper environment so that Microsoft SSO is the only valid login option. To do this:

1. From the navigation menu, expand Settings then click Configuration.
2. Click Authentication.
3. Select the Require Microsoft Single Sign On (SSO) radio button.
4. Enable the Support Access toggle to allow tenant users with the @gatekeeperhq.com domain to bypass your SSO authentication requirements, so that they can assist with any support enquiries related to your tenant. It is strongly recommended to enable this. 
   
5. Click Save.

Part 3 - Log in to Gatekeeper with Microsoft

1. Navigate to the relevant URL and you will be prompted to sign-in with your Microsoft Account:
   • If US: https://auth-us.gatekeeperhq.com/users/auth/microsoft_oauth2
   • If Canada: https://auth-ca.gatekeeperhq.com/users/auth/microsoft_oauth2
   • If Europe: https://auth-eu.gatekeeperhq.com/users/auth/microsoft_oauth2
   • If APAC: https://auth-apac.gatekeeperhq.com/users/auth/microsoft_oauth2
2. Select your Microsoft account.
   

You are now logged in to Gatekeeper via your Microsoft account. When troubleshooting login issues, verifying the case sensitivity of both the email address and password is essential.