Single Sign-On Configuration for HRLocker (Microsoft)

How to Configure Azure Active Directory (AAD) to Register HRLocker’s Application for Single Sign-On

Single Sign-On Configuration for Azure Cloud Services

Overview

This document outlines the steps required to configure Single Sign-On (SSO) for HRLocker within Microsoft Azure Active Directory. By following these instructions, you will register HRLocker as an application in your Azure AD tenant, grant appropriate permissions, and provide the required configuration details to HRLocker support.

Prerequisites:

  • Administrator access to your Azure Active Directory
  • HRLocker account and access to HRLocker support if needed

Step-by-Step Configuration

1. Accessing the Microsoft Azure Portal

  1. Go to the Azure Portal.
  2. Sign in with your Azure AD administrator credentials.
  3. From the home page, click on Azure Active Directory under the "Azure services" section.

2. Navigating to App Registrations

  1. In the left navigation panel, select App registrations.
  2. This section allows you to create and manage applications integrated with Azure AD.

3. Registering a New Application

  1. On the App registrations page, click New registration.
  2. In the Name field, enter a descriptive name for the application, e.g., HRLocker App.
  3. Under Supported account types, select Accounts in this organizational directory only (default).
  4. For the Redirect URI:
    • Set the platform type to Web.
    • Enter the following redirect URI:
      https://identity.hrlocker.com/commonauth
  5. Click on Register to create the application.

4. Configuring Additional Redirect URIs

  1. After the application is created, you will be taken to the Overview page.
  2. Under the Essentials section, click on the link beside Redirect URIs to edit the configuration.
  3. Add the following additional redirect URI:
    https://hrlockerb2c.b2clogin.com/hrlockerb2c.onmicrosoft.com/oauth2/authresp
  4. Set the Front-channel logout URL to:
    https://login.hrlocker.com/SignOut
  5. Click Save to confirm these changes.

5. Creating a Client Secret

  1. In the left panel, click on Certificates & secrets.
  2. Under Client secrets, click New client secret.
  3. Provide a description (e.g., "HRLocker Secret") and choose an expiration period.
  4. Click Add.
  5. Important: Copy the Value of the client secret immediately. This value is displayed only once. You will need to provide this secret to HRLocker support.

6. Granting Necessary Permissions

  1. In the left panel, click on API permissions.
  2. Click Add a permission, then select Microsoft Graph.
  3. Choose Delegated permissions.
  4. Under Delegated permissions, select Directory.Read.All and User.Read.
  5. Click Add permissions.
  6. If required, click Grant admin consent to finalize the permissions. This may prompt for admin credentials.
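
As an added example (not part of HRLocker's documentation), the Python function below audits an app registration exported as Microsoft Graph JSON, for instance the output of `az ad app show --id <application-id>`, against the settings from steps 3 to 6 and flags client secrets that are expired or close to expiry. The function name `audit_app`, the 30-day warning window and the sample data are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Values taken from the configuration steps on this page.
EXPECTED_REDIRECTS = {
    "https://identity.hrlocker.com/commonauth",
    "https://hrlockerb2c.b2clogin.com/hrlockerb2c.onmicrosoft.com/oauth2/authresp",
}
EXPECTED_LOGOUT = "https://login.hrlocker.com/SignOut"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph

def audit_app(app, now, warn_days=30):
    """Return findings for an application object in Microsoft Graph JSON form."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not single-tenant (signInAudience != AzureADMyOrg)")
    web = app.get("web") or {}
    uris = set(web.get("redirectUris") or [])
    findings += [f"missing redirect URI: {u}" for u in sorted(EXPECTED_REDIRECTS - uris)]
    findings += [f"unexpected redirect URI: {u}" for u in sorted(uris - EXPECTED_REDIRECTS)]
    if web.get("logoutUrl") != EXPECTED_LOGOUT:
        findings.append("front-channel logout URL differs from documented value")
    for rra in app.get("requiredResourceAccess") or []:
        if rra.get("resourceAppId") != GRAPH_APP_ID:
            findings.append(f"permission on non-Graph API: {rra.get('resourceAppId')}")
        for perm in rra.get("resourceAccess") or []:
            if perm.get("type") != "Scope":  # "Role" means application permission
                findings.append(f"non-delegated permission: {perm.get('id')}")
    for cred in app.get("passwordCredentials") or []:
        # Graph timestamps are UTC; drop fractional seconds before parsing.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            findings.append(f"secret {cred.get('keyId')} has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret {cred.get('keyId')} expires within {warn_days} days")
    return findings

# Constructed sample (placeholder GUIDs), not a real tenant export.
SAMPLE = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://identity.hrlocker.com/commonauth",
                           "http://localhost:8080/callback"],
          "logoutUrl": "https://login.hrlocker.com/SignOut"},
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
                       {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}]}],
  "passwordCredentials": [{"keyId": "33333333-3333-3333-3333-333333333333",
                           "endDateTime": "2030-01-10T00:00:00.0000000Z"}]
}""")
```

Calling `audit_app(SAMPLE, datetime.now(timezone.utc))` returns a list of strings; an empty list means the export matches the values documented above.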

7. Sending Required Details to HRLocker

  1. Return to the Overview page for your application.
  2. Copy the Application (client) ID.
  3. Send the Application (client) ID, along with the Client Secret Value (retrieved earlier), to HRLocker support. They will configure the integration on their end.
  4. If you have a preferred method of sending us this data securely, let us know; otherwise, you can share the details with us via LastPass. Contact Support for more information.

Summary of Data to Provide to HRLocker

  • Azure Active Directory Application ID or Okta Client ID
  • Secret ID
  • Secret Value
  • Secret Creation Date
  • Secret Expiration Date
  • Tenant ID
  • Domain/s (please list all email domains that you want to include in your SSO integration)

Next Steps

Once HRLocker support receives the application credentials (Client ID and Secret), we will complete the SSO configuration on our side. After confirmation, your users should be able to sign in to HRLocker using their Azure AD credentials, streamlining authentication and enhancing security.