Purpose
The purpose of this article is to provide guidance in setting up Single Sign On with Azure for Outreach.
Intended Audience
- Outreach Admins
Notes
- During this procedure, you will have to navigate between the Azure and Outreach applications several times. It is recommended to have each open in separate browser tabs for convenience.
Procedure
In order to set up SSO with Azure, Outreach admin access, and a Microsoft/Office 365 account with Azure Active Directory admin access are required.
- Log in to Azure as admin.
- Click Azure Active Directory > New Application.
- Click Create your own application.
- Enter an application name.
- Select Integrate any other application you don't find in the gallery (Non-gallery).
- Open the new app and click Set up single sign-on.
- Select SAML.
- Navigate to Basic SAML Configuration and click Edit.
- Enter placeholder values in the Identity (Entity ID), and Reply URL fields.
Note: These will later need to be updated to the correct values. - Navigate to Attributes & Claims and click Edit.
- Click Unique User Identifier (Name ID).
- Ensure the following fields are configured correctly:
Name identifier format: Email address
Source: Attribute
Source Attribute: user.userprincipalname - Click Save.
- Log in to Outreach as an admin.
- Click Org Settings.
- Navigate to Sign in and password options.
- Click Edit.
- Click Single Sign On > Add identity provider.
- Enter Azure SSO as the name.
- In a different tab or window, navigate back to the Azure application.
- Download Certificate (Base 64).
- Locate and copy down the Login URL and Azure AD Identifier fields.
- Navigate back to the Add Identity Provider page in Outreach.
- Complete the Sign in URL and Identity Provider Entity ID fields with the Login URL and Azure AD Identifier fields respectively.
- Upload the Base 64 certificate.
- In SSO Settings click Edit.
- Make a note of the Setup Info field.
- Navigate back to Azure and Basic SAML Configuration.
- Click Edit.
- Take the Assertion Consumer Service (ACS) URL from Outreach and place it in the Reply URL (Assertion Consumer Service URL) field.
- Take the Service Provider Entity ID / Audience URI from Outreach and place it in the Identifier (Entity ID) field.
- Click Save.
- In Azure click Users and groups.
- Click Add user/group > none selected.
- Enter User email addresses.
- Navigate back to Outreach.
- Toggle Enable for Azure SSO.
- Click Save.
In order to ensure the process is complete, sign out of Outreach, refresh the page, then sign in with your email address. On the login page, the SSO prompt will be available.