Single sign-on with Azure Active Directory

For those who wish to bypass Compleat’s own login process, you can use Azure active directory to implement single sign-on for your users. Admins are required to create an app registration in Azure to authenticate users outside of the Compleat system.

This guide only represents the steps required to configure SSO using Azure Active Directory. Please email clientservices@compleatsoftware.com if you wish to implement SSO using another platform.

 

To set this up, follow the steps below, most of which are required on your Azure platform to:

  1. Register and get a tenant and client ID for use with your Compleat company.
  2. Add our Compleat SSO guest account to your app registration.

Your Compleat usernames need to match those of your Azure AD, if they don’t, a renaming process may be required.

Configure Azure & generate Tenant & Client IDs

  1. Login to Azure management portal.
  2. Select Azure Active Directory.1.png
  3. Click App registrations on the left of the screen.2.png
  4. Click New registration.3.png
  5. Type an appropriate name for your client’s registration.4.png 
  6. Select who can use this registration.

    We recommend selecting - Accounts in this organizational directory only.

    5.png

  7. For a full user experience, provide a redirect URI to direct users to your Compleat login screen.

    Paste the URL of your login page.

    Cloud login URL:

    https://{RegionServer}.compleat.online/{CustomerName}/AuthFiles/Login.aspx

    On-premise login URL:

    https://{MyServer}/compleat/AuthFiles/Login.aspx

    6.png
  8. Click Register.7.png
  9. Click Authentication on the left. 8.png
  10. Scroll down to locate the Front-channel logout URL

    Paste Compleat’s logout URL into the field box.9.png 

    Cloud logout URL:

    https://{RegionServer}.compleat.online/{CustomerName}/AuthFiles/signout.aspx

    On-premise logout URL:

    https://{MyServer}/compleat/AuthFiles/signout.aspx

  11. Further down the page, click to select the checkbox ID tokens. 10.png
  12. Click Save.11.png
  13. Now to get the IDs.

    On the left, click Overview.12.png

  14. Locate the Application (client) ID & Directory (tenant) ID ‘Copy to clipboard’ or make a note of both IDs.13.png
  15. Email these IDs to clientservices@compleatsoftware.com and we'll sort the configuration on our side.

You're on the home stretch for setting up single sign-on. Once you have sent the IDs to us, the last point to do is add a Compleat support guest user.

 

Add Compleat as a support user

Creating a Compleat support user on your Azure registration is required so we can provide full support and admin services on your Compleat account once you have implemented single sign-on.

Follow the steps below to allow a support user:

  1. From the Azure company overview page, click Users.14.png
  2. Click New guest user.mceclip1.png
  3. Select Invite user.16.png
  4. Enter the email address eCompleatSSO@compleatsoftware.com17.png
  5. Click Invite.mceclip4.png

 

Well done, that should just about do it! We will respond to notify you when the Azure AD configuration is up and running.

Copyright Compleat