Setup SSO with Microsoft Office 365/Azure

Modified on Wed, Feb 15, 2023 at 2:34 PM

Note: These instructions have been updated recently, and may not represent exact instructions as links or sites may change. Please contact us for more details if you are having difficulty with the setup.


Tip: These instructions apply to SSO only; you'll still need to manually provision and de-provision accounts in the Wellness360 portal.


  • Step 1: Log in to Office 365 as an admin

  • Step 2: Click on ‘Admin’

  • Step 3: On the navigation bar, find the entry for Admin centers and expand it. Open the link to ‘Azure Active Directory'


  • Step 4: Click ‘Enterprise Applications’ from the navigation bar.

  • Step 5: From the ‘All Applications’ pane, click ‘+ New application’

  • Step 6: Click ‘Non-Gallery Application’.

 

Note: It may be helpful during setup to go to the Enterprise applications on the Azure AD portal and click a link that says 'Click here to switch back to the old app gallery experience.' There you can start the 'Non-gallery application' workflow.

 

  • Step 7: At this point, you might be prompted to sign up for a service to enable SAML through an active directory. Azure Professional Tier 2 is sufficient and available for a trial period of one month with 100 users.

  • Step 8: Name the application and click create to continue the setup.

  • Step 9: From the ‘Single Sign-on' panel, select ‘SAML-based Sign-on’ from the drop-down selector.

  • Step 10: From near the bottom of the page, download the generated certificate in Federation Metadata XML mode.

  • Step 11: Click ‘Configure Wellness360’, from the bottom of the page, a new page will open up.

  • Step 12: Keep this page open, and open the Wellness360 admin portal in a new tab/window.

  • Step 13: Within the Wellness360 portal: At this point, we need to get details from Wellness360, log in as an administrator, and find SSO Settings on the left menu bar.

  • Step 14: Within the Wellness360 portal: Click on the SSO Settings tab to add configurations from the Active directory into Wellness360.



Note: You can copy over the "App Federation Metadata URL". And use that in the Wellness360 admin portal for SSO Settings That URL is the metadata URL and when you select the "Use metadata URL for provider configuration" checkbox we will download all the details. Click Save will update the details.

 

  • Step 15: Click save settings. When testing SSO you may at this point get this error, because the URL on the Microsoft side still needs to be updated.


In this case, back in the Azure admin portal, fill out the 'Basic SAML Configuration' fields:


The Identifier is our Issuer URL, the "Reply URL" is called "SSO Service URL (Assertion Consumer Service)" in Wellness360. You can optionally fill in the "Logout Url".


  • Step 16: Configure Active directory with Wellness360 settings

  • Step 17: Click save settings in the active directory page.

  • Step 18: Wait a minute (configuration can take a moment to be read properly, then click ‘Test SAML’)

 

Note: Active directory will attempt to login with the current user. This user might have an email address with the suffix .onmicrosoft.com. If this is the case, Wellness360 will prompt that the user is not registered in the network (all same users must be previously configured in the Wellness360 portal before the single sign-on will work for them). 

 

  • Step 19: From the Wellness360 portal, click ‘test logging in'. You might still get an error - our team had to assign our test users in the "Users and groups" tab before they had enough permissions in Azure AD to use the application.

  • Step 20: If everything has worked, press Enable SAML on the Wellness360 configuration page.



 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article