In this article, we will be introducing kintone's integration with Azure Active Directory (Azure AD), a cloud service for identity and access management.
What is Azure Active Directory?
Azure AD is a cloud service for identity and access management that enables secure access to various applications and Microsoft products.
Customers who want to use both Office 365 and kintone can do so by utilizing the functions of Azure AD. Azure AD not only offers high affinity with Microsoft products, but also has the following advantages:
- Unified management of cloud authentication servers for on-premises and cloud services
- No requirement for operations of the authentication server
- Collaboration with other services on the Microsoft Azure Marketplace
Synchronize Azure AD and log in to kintone
Use Azure AD as the identity provider to log in to kintone. By doing so, you can combine the single sign-on (SSO) environment with other services such as Google Apps, Salesforce, and Office 365, and with multi-factor authentication (two-factor authentication). Details of the SAML authentication on kintone can be found here.
Configure federation with Azure AD
Select kintone from Azure's Application Directory and set kintone's address in the settings. On kintone's administration screen, enable the SAML settings and enter the information for the Azure AD sign-in page. Details of the setting procedure can be found here.
Test the SSO
After completing the settings, close all browsers and try accessing kintone. The login screen of Azure AD should be displayed instead of kintone's login screen.
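The redirect behind this test can also be checked outside the browser. The following is an added example, not part of the original article or of kintone's or Microsoft's documentation: it decodes the SAMLRequest carried in a redirect URL and confirms that the request targets the expected identity provider and that the assertion will be returned to the expected kintone host. The host names, the all-zero tenant ID and the `/saml/acs` path are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def decode_saml_request(location):
    """Decode the AuthnRequest carried in a SAML HTTP-Redirect URL."""
    query = parse_qs(urlsplit(location).query)
    if "SAMLRequest" not in query:
        raise ValueError("redirect carries no SAMLRequest parameter")
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # HTTP-Redirect binding uses raw DEFLATE
    root = ET.fromstring(xml)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not an AuthnRequest")
    return {
        "issuer": (root.findtext(SAML + "Issuer") or "").strip(),
        "acs_url": root.get("AssertionConsumerServiceURL", ""),
        "destination": root.get("Destination", ""),
    }

def check_sso_redirect(location, idp_host, sp_host):
    """Return a list of problems; an empty list means the redirect looks right."""
    problems = []
    target = urlsplit(location)
    if target.scheme != "https":
        problems.append("redirect is not HTTPS")
    if target.hostname != idp_host:
        problems.append(f"redirect goes to {target.hostname}, not {idp_host}")
    try:
        request = decode_saml_request(location)
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return problems + [f"cannot decode SAMLRequest: {exc}"]
    if request["acs_url"] and urlsplit(request["acs_url"]).hostname != sp_host:
        problems.append("assertion would be returned to an unexpected host")
    return problems

def build_sample_redirect(idp_url, sp_host):
    """Constructed sample input: a redirect like the one a SAML SP would send."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" Version="2.0" '
           f'Destination="{idp_url}" AssertionConsumerServiceURL="https://{sp_host}/saml/acs">'
           f'<saml:Issuer>https://{sp_host}</saml:Issuer></samlp:AuthnRequest>').encode()
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()
    return idp_url + "?" + urlencode({"SAMLRequest": packed})
```

To check a real deployment, pass the `Location` header returned when an unauthenticated client requests kintone to `check_sso_redirect` in place of the constructed sample.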
Synchronize on-premises Active Directory and log in to kintone
If federation with your on-premises AD (Windows Server available inside your company) is set up in the above configuration, you can log in to kintone by using the domain account (Windows login account) available inside the company. Single sign-on with other applications such as Google Apps is also possible.
Configure Azure AD and AD (Windows Server environment) federation
Building on the settings above, you can federate the AD on your Windows Server with the Azure AD directory that is federated with kintone. To perform a federation, first set up the Active Directory Federation Services (AD FS) and the Web Application Proxy. When the setup is complete, use Windows PowerShell (command utility) to set up a trust relationship between Azure AD and AD FS (the two sides exchange metadata, including certificates). Finally, synchronize the Azure AD information with the Active Directory information (such as users) available inside the company.
Details on how to integrate your on-premises directories with Azure Active Directory can be found here.
Test the SSO
After completing the settings, close all browsers and try accessing kintone. An AD FS login screen exclusive to the company will be displayed. Logging in on this page will also log you in to kintone. If you log in to the Windows environment (domain) of the company and use Internet Explorer (IE), then the login screen will not be displayed and single sign-on (SSO) will be performed.
We hope that this article will help you set up the desired SSO environment through Azure AD and log in seamlessly to kintone and other services.