Microsoft Azure Active Directory is a SAML based identity provider like OneLogin and Okta. It allows you to effectively manage access to your Helpshift Dashboard using a secure and scalable identity management system. The benefits of using Azure Active Directory with Helpshift Dashboard include:
- Ease of access: no need to manually type in, renew, or worry about weak login credentials causing security issues
- Prevent common weak points in the authentication experience, including username/password login and password reset requests
- Quickly and easily block credentials for a team member who is no longer part of your support organization
Note: Only Helpshift Admins can execute the following steps given below, where OneLogin is configured in your Helpshift Dashboard.
To use the Microsoft Azure Active Directory with Helpshift Dashboard:
- In the Microsoft Azure portal, navigate to the ‘Enterprise Applications’.
- Click the ‘New application’ and navigate to the ‘Non-gallery application’.
- Select the name of your application and click ‘Add’.
- The App page appears.
- Navigate to the ‘Single Sign-on’ section and select the ‘SAML’ option.
- The SAML Configuration page appears.
- Edit the ‘Basic SAML Configuration‘ and enter the following details:
Identifier – https://<your-domain>.helpshift.com
Reply URL (Assertion Consumer Service URL)- https://<your-domain>.helpshift.com/login/saml/acs/
Sign on URL – https://<your-domain>.helpshift.com/login/saml/idp-login
Relay State – https://<your-domain>.helpshift.com/admin
Logout URL – leave blank - Click ‘Save’.
- Edit the ‘User Attributes & Claims‘.
- Edit the ‘Name identifier value‘ and confirm the ‘Choose name identifier format’ is same as given ‘Email address‘.
- In the ‘SAML Signing Certificate‘, download the ‘Certificate (Base64)‘ and copy the ‘Login URL‘ and ‘Azure AD Identifier’.
- Open the Helpshift Dashboard and navigate to Settings.
- Navigate to Integrations and turn on the Single Sign-On (SAML – SSO).
- Select the ‘Identity Provider (IdP)’ as ‘Azure Active Directory‘ and add the ‘Login URL‘ in the ‘SAML 2.0 Endpoint URL‘ text field.
- Add the certificate content in ‘X.509 Certificate‘ (without using the ‘—–BEGIN CERTIFICATE—–‘ and ‘—–END CERTIFICATE—–‘ lines).
- Add the ‘Azure AD Identifier‘ as ‘Issuer URL‘. Make sure that you do not check the ‘Disable Login through Email and Password‘ checkbox.
- Click on ‘Apply changes‘ and Logout.
- On the Helpshift Login page, you will see the ‘Azure Active Directory‘ as a new option to log in.