Overview

Microsoft Live ID offers reliable integration for Single Sign-On for all your web and mobile applications. The service offers a full-featured federation engine and flexible access policy. A user can log in with a single ID to gain access to a connected system or systems without being prompted for different usernames or passwords. 


Here is how you can set up SSO using Microsoft Live ID:


Before you start

  • Only Administrators and Managers can configure an SSO App in Portal Settings.

  • For configuring Microsoft SSO with VIDIZMO, you must have a Microsoft Live ID account so that you can create a web application that will enable you to sign in.
  • If other SSO Apps have been configured and enabled on your Portal other than Microsoft SSO, your users will see multiple buttons on the login page allowing them to choose any identity provider of their choice to log in to their VIDIZMO Portal.
  • After configuring and enabling Microsoft SSO on your portal, you can disable default VIDIZMO login to restrict users to sign in using their Microsoft Live ID credentials only. However, VIDIZMO Login will be enabled by default if all other configured SSO providers are disabled.
  • By default, following Microsoft parameters about a user are exposed to VIDIZMO when that user provides consent for signing in VIDIZMO using Microsoft Live ID credentials:
    • First Name
    • Last Name
    • Email Address


Microsoft Portal Configuration

1. Log in to your Microsoft Application Registration Portal using your Microsoft Live Id credentials. However, Microsoft recommends registering and managing converged applications by using the new and improved App registrations experience in the Azure Portal. We will walk you through the latter as the former becomes obsolete. Learn about its basics here: Web app that signs in users


2. Go to the Azure portal.


3. Next, you need to Register an App using Azure Portal to create a web app that signs you into VIDIZMO Portal.

i. When choosing supported account types, choose Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com). Learn more about it here: Supported Account types.

ii. Set Redirect URI (also known as Reply URL) as your VIDIZMO portal URL with the callback path appended i.e. /sso/signin-microsoft. For example, if you portal is lexcorp.enterprisetube.com, your Redirect URI shall be lexcorp.enterprisetube.com/sso/signin-microsoft.

iii. You can skip adding Logout URL but you need to check ID Tokens under Implicit grant as this web application requires the Implicit grant flow to be enabled to sign-in the user.


4. At the end of this section, follow the steps given here to obtain the following three entities: your Application(Client) ID of the app you created and Key generated against the app you created. These will be used later in VIDIZMO Portal configuration.


Note: If you have multiple portals, separate applications need to be registered for each portal. Also, ensure your URL is in HTTPS as Microsoft Live Id only works in HTTPS mode. To see how to do that, read How to configure your Portal to use HTTPS only.


VIDIZMO Portal Configuration

1. From the Portal's Homepage,

i. Click on the navigation menu on top left corner.

ii. Expand Admin tab.

iii. Click on the Settings tab and you'll be directed to Portal Settings page.




2. On Portal Settings page,

i. Click on the Apps tab on the left-hand panel.

ii. Further click on the Single Sign-On tab.

iii. Locate the Microsoft SSO App on the screen, and click on the Settings icon at the right-hand side.



3. Microsoft SSO Settings screen offers various fields, each of which is explained below:

i. Client ID: This attribute is the unique identifier for the client application known as the Application ID copied in step 4 when registering the application on the Microsoft Portal.

ii. Client Secret: The client secret is used in conjunction with Client Id to authenticate the client application as noted in step 4 when registering the application on the Microsoft Portal.

iii. Callback Path: Specifies the callback location where the authorization will be sent to your Portal. This needs to be appended with the portal's URL when specifying Redirect URI in Microsoft App configuration. 

iv. Attribute Mapping: Attribute Mapping allows you to map your attributes with the IDP's attributes.

v. Use the Save button to save your changes.




A notification will appear stating Portal Information Updated Successfully.


4. When done defining the values in the previous step:

i. Turn on the feature using the toggle button. 




Outcome

Navigate to the Portal's login screen and you will see an option Sign in with Microsoft SSO.




To learn more about signing in using Microsoft Live ID, read Sign in using Microsoft Account.