The steps below describe the configuration to be completed by the client to set up the Azure AD/Microsoft Entra ID Single Sign On feature using the OIDC protocol.
Pre-requisites:
Please contact your Customer Success Manager to kick off the Single Sign-On enablement process.
Identity Provider = Azure Active Directory or Entra ID
Protocol selected = OIDC
Step 1: Retrieve AAD GUID/Tenant ID (needs to be completed by an AAD Admin)
- Log into portal.azure.com as the Azure AD Global Admin.
- In the search bar, search for “azure active directory”. Among the results, select Microsoft Entra ID (Azure Active Directory) under “Services”.
- Select “Properties” within the “Manage” menu.
- Locate and copy your “Directory ID” and send it to your Customer Success Manager or the Technical Support Team at MediaValet.
Step 2: The MediaValet Technical Support Team enables the integration
The Technical Support Team will set up the SSO integration in the back end with the Tenant ID that you provided, create a default rule, and add at least one user as an admin.
Our tool will run a check on emails and on the validity of groups and IDs, and will save the settings.
The library will now be ready to use the Authorization Rules Engine to authorize its users into MediaValet.
Step 3: Verification
- Navigate to your library's home page.
- Click on “Sign In with a Work Account” and log in with a valid AD account.
- After accepting the “Terms and Conditions”, you should be authorized as a member of a group based on the authorization policy currently in place.
- If your email was set to be authorized as an admin, you will be able to navigate to https://[yourlibrary.mediavalet.com]/sso-management/authorization-rules to manage the authorization rules (also accessible through the Settings gear > Users > Authorization Rules).
- If you’re not authorized as an admin, report this to the MediaValet Support team with screenshots and any additional details you can provide.