Introduction

Azure Active Directory (Azure AD) stands as Microsoft's cloud-based identity and access management service, providing a robust framework for organizations to secure and manage user identities and access to applications. Serving as a comprehensive solution, Azure AD enables the creation and administration of user accounts, groups, and devices, fostering efficient identity management. Its Single Sign-On (SSO) capabilities streamline user access to various applications with a unified set of credentials, enhancing user experience and security. Additionally, Azure AD facilitates multi-factor authentication and supports a diverse ecosystem of applications, both Microsoft and third-party, making it a fundamental component for organizations seeking a centralized and secure approach to identity and access management in the cloud. An Azure Active Directory connector can be configured in SigningHub Admin by providing two integration keys, i.e. Client ID and Client Secret. 


How it works?

  1. Create an Azure AD App in Azure Active Directory.
  2. Create an Azure AD connector in SigningHub Admin.
  3. Create an Azure AD authentication profile in SigningHub Admin.


Create an Azure AD App in Azure Active Directory

  1. Sign in to the Azure portal using your Azure Active Directory administrator account.



  2. Select "Azure Active Directory" from the left tab.



  3. Click on the "Enterprise Applications" from the left panel.



  4. Click on the "New application" button.



  5. Click on the "Create your own application" button.



  6. Enter the name for the app, select an option for your app via the radio button, and click on the "Create" button.



  7. Select the "Supported account types". Under the "Redirect URl", select "Web" and enter "https://web.signinghub.com/OAuth/AzureADCallBack".
    Click on the "Register" button.



  8. Click on the "Enterprise applications | All applications" button.



  9. Search and open the created app.



  10. You will be taken to the app overview screen. Select "Properties" from the left tab.



  11. From the properties screen, click on the "application registration" hyperlink.



  12. Select "API permissions" from the left tab.



  13. From the "API permissions" screen, click on "Add a permission" button.



  14. From the "Request API permissions" tab, click on "Microsoft Graph".



  15. Click on "Delegated Permissions".



  16. Search for and select "Directory".



  17. Select the "Directory.Read.All" permission, and click on the "Add permissions" button.



  18. Select “Certificates & secrets” from the left tab. Create a new client secret by clicking on the “New client secret” button. Save the client secret for use in the SigningHub connector.



  19. Get the ClientID, directory ID and endpoints from “Overview”.



  20. For adding user, go to “Azure AD” from “Overview”.



  21. Click on the “Assign users and groups” button.



    Then click on the “Add user/group” button.



  22. Create an Azure Active Directory Connector, using information from step 14 and 15.

Create an Azure AD connector

  1. Access the SigningHub Admin portal.
  2. Click the "Configurations"section from the left menu.
  3. Click the "Connectors" tab. The "Connectors" screen will appear.
  4. Click  from the grid header.



  5. A dialog will appear to add the connector details. The connector dialog is comprised of two screens, i.e. Basic Information and Details. Specify the basic information and click the "Next" button to provide the respective connector details. See the below table for fields description.




     
  6. Click the "Finish" button. A new connector will be saved and displayed in the list.


Basic Information

Fields

Description

Name

Specify a unique name for this connector, i.e. My Azure Active Directory. This connector will be used in the configuration of Authentication Profiles.

Provider

Select the provider for this connector, i.e. "Azure Active Directory". 

Purpose

This field will display the purpose of the selected provider above, i.e. the purpose of "Azure Active Directory" is "Authentication".

Active

Tick this check box to make this connector active. Inactive connectors cannot be configured in the Authentication Profiles.


Details

Fields

Description

Logo

Select an appropriate image in the jpeg, jpg, gif or png format for the connector's logo that will be displayed on the login screen.

Client ID

Specify the registered client ID that has been provided by Azure Active Directory during account configuration, e.g.
 "d6920aa5-258b-a520-b0gh-870503xv8b4d". 
SigningHub will use this ID to communicate with the Azure Active Directory server.

Client Secret

Specify the client secret that has been provided by Azure Active Directory during account configuration, e.g.
"hniZYHqPEcKy6H25-LjzSX0Q".

Account Type

Specify whether the account type is Single Tenant or Multi Tenant. 
A single tenant account allows the accounts within the same organisational directory only to use the application. While a multi tenant account allows all the organisational directories to use the application.


Create an Azure Active Directory authentication profile

  1. Access the SigningHub Admin portal.
  2. Click the "Configurations" option from the left menu.
  3. Click the "Authentication Profiles" option. The "Authentication Profiles" screen will appear.
  4. Click  from the grid header.

     

  5. A dialog will appear to configure the authentication profile details. 



  6. Specify the details accordingly and click the "Save" button. A new authentication profile will be saved and displayed in the list. See the below table for fields description.


Authentication Profile

Fields

Description

Name

Specify a unique name for this authentication profile, i.e. Azure AD Authentication. This name will be displayed at the login screen of SigningHub Desktop Web.

Description

Specify any description related to this authentication profile for your record.   

Method

Select the authentication method (i.e.Azure Active Directory Authentication) for this profile.

Connector        

This field will appear to select the related connector, when you select any third-party authentication method above. Select the Azure Active Directory connector. Click  to view the details of the selected connector.

Details

  When the "Azure Active Directory Authentication" method is selected, the "Details" fields will appear, in addition to the "Connector" field, to specify the "Allowed Groups" information. 

    • The "Allowed Groups" field refers to the (comma separated) authorised security groups in your Azure Active Directory (i.e. Sales, Marketing, Accounts, etc.) that are used for provisioning in SigningHub.
  1. ​If the "Allowed Groups" field is left blank, then all the domain users of a directory would be able to authenticate by using the authentication profile.

Active

Tick this check box to make this authentication profile active. Only the active profiles are available to the end users on their Login screen and Integration screen of SigningHub Desktop Web for authentication.

Private

Tick this check box to mark this authentication profile as private. A private profile will not be available to the (public) end users on their Login screen and Integration screen of SigningHub Desktop Web.
Private profiles from here will be available in the "Settings" tab of service plan configuration, and are specifically used for the corporate logins on SigningHub Desktop Web.

You can associate any supported external Identity Provider (i.e. BankID, Active Directory, Google, etc.) as required with a private authentication profile to make it exclusive for a corporate. 


  1. This profile will be used for authentication purposes at the time of logging in or signing a document.


See Also