There are two ways to connect Cameyo to Azure AD single sign-on: Generic and Custom. One is quick and easy, the other is more advanced and allows more customization.
Prerequisites
In your Company Settings page, under Authentcation you should have a Subdomain and Identity domain. A subdomain looks like: company.cameyo.com. An identity domain looks like company.com. If you don't have them ready, you should claim them first or contact Cameyo's support to have them set up for you.
Generic Microsoft SSO integration (quick method)
The Generic method displays Microsoft online's generic login, which is not specific to your company yet allows connecting to it without much configuration. It always looks like this:
Generic Microsoft SSO dialog
To get this working, simply select "Microsoft" in the Company Settings page under the Authentication field, and submit:
Custom AD Azure SSO (advanced)
This mode of SSO connection is more advanced, and allows for a custom SSO dialog and rules for users reaching your Cameyo subdomain. It consists of adding an Azure Application and connecting Cameyo to it:
Sample custom SSO dialog
Step 1: create an Azure App
Unless you already have an Azure AD app, you need to create one to connect to Cameyo. In your Azure portal, go to Azure Active Directory and click on App Registrations.
- Create a new application by clicking "New registration".
- Name it and select the relevant account type (usually "Accounts in this organizational directory only").
- Under Redirect URI, add: https://online.cameyo.com/oidc
- Click "Register"
Take a note of your "Application (client ID)" and "Directory (tenant ID)":
Click on "Certificates & Secrets" and create a new client secret for Cameyo. Take a note of the new Client Secret as it won't be displayed again afterwards:
Collecting the elements
You should now have these 3 items:
- Directory (tenant) ID
- Application (client) ID
- Client Secret (see below)
To obtain the client secret, go to "Certificates & secrets" and click "New client secret"
Connecting to Cameyo
Once you have these items, go to your portal's Company Settings page. Under the Authentication field, select Custom provider:
- Issuer URL: enter https://login.microsoftonline.com/[directory (tenant) id]/v2.0 for example, if your directory/tenant ID is 12345678-90ab-cdef-1234-567890abcdef, you should enter here https://login.microsoftonline.com/12345678-90ab-cdef-1234-567890abcdef/v2.0
- Client ID: enter your Azure Application ID.
- Client Secret: enter your application's client secret.
Submit the changes and check the result by navigating to your company's subdomain (i.e. company.cameyo.com)