Authentication

Single Sign On (SSO) allows you to authenticate using your central identity provider. To configure SSO in IguanaX, please follow the steps below.

Note: To configure SSO settings in Azure, you must have appropriate user-level permissions within your organization’s Azure Active Directory (AAD), typically an administrator role.

Open IguanaX, and go into the Authentication page from the Settings menu. From the Provider drop-down list, select Microsoft.

Leave this page open. You’ll later return to enter your Client ID and Organization ID from Azure.

Log into your Azure Portal. In the top search bar, type App Registrations, then select it.

From the App registration menu, click New Registration.

Fill out the following details in the “Register an application” page:

  • Create a recognizable display name.

  • Under “Supported account types”, select “Accounts in this organizational directory only (Default Directory Only - Single Tenant)”. This will ensure that the application only exists within this Azure directory, and will not span multiple directories.

  • Under Redirect URI, choose Single-page application (SPA) from the drop-down menu, then enter your domain name (e.g. https://yourdomain.com).

Click on Register.

Once you've registered Iguana, you’ll be brought to the Overview page.

In the left-hand navigation, under Manage, select Token configuration.

Click Add groups claim.

In the Edit groups claim panel, select Directory roles. Click Add.

The added groups claim is then listed under Token configuration.

This step ensures that Microsoft returns the user’s group memberships when authentication occurs. However, the client must also hold the permissions needed to read that information in the first place, which is granted under “API permissions”.

In the left-hand navigation, select API Permissions. You’ll see a default permission listed, usually User.Read.

Click on Add Permission, then select Microsoft Graph.

Select Delegated permissions, then search for “Directory” in the Search Permissions box, expand Directory and tick Directory.Read.All. Click Add permissions.

You’ll now see “Directory.Read.All” listed as part of your API permissions. Click on Grant admin consent for Default Directory, and confirm by clicking Yes on the pop-up.

Once completed, you’ll see the status Granted for Default Directory.

Using the left-hand navigation menu, return to the Overview page of the app registration. Copy the Application (client) ID and the Directory (tenant) ID.

Go back into IguanaX and paste the Application ID into the Iguana Client ID field, and the Directory ID into the Organization ID field. Click Save.

Optional: Leaving the Organization ID field blank allows any Microsoft Workspace account to sign in. Filling it in restricts sign-ins to users from your specific Azure directory only.
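As an added example (not part of IguanaX or this guide), the following Python checks the claims of an ID token returned by Microsoft against the Client ID and Organization ID entered above, and confirms that the groups claim from the Token configuration step is present. All GUIDs are constructed placeholders, and signature verification against the tenant's signing keys is assumed to happen separately.

```python
import base64, json
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class SsoConfig:
    client_id: str                          # Application (client) ID pasted into IguanaX
    organization_id: Optional[str] = None   # Directory (tenant) ID; None = field left blank

def decode_claims(id_token: str) -> Dict:
    """Return the payload of a compact JWT. Signature verification against the
    tenant's signing keys is assumed to happen before this function is called."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_claims(claims: Dict, cfg: SsoConfig) -> List[str]:
    """Return a list of problems; an empty list means the token matches the SSO settings."""
    problems = []
    if claims.get("aud") != cfg.client_id:
        problems.append("aud does not match the configured Client ID")
    tid = claims.get("tid")
    if cfg.organization_id and tid != cfg.organization_id:
        problems.append("tid does not match the configured Organization ID")
    if tid and claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        problems.append("iss does not match the token's tid")
    if "groups" not in claims:
        # With very many memberships Microsoft omits "groups" and points to Graph instead.
        if "groups" in claims.get("_claim_names", {}):
            problems.append("groups overage: memberships must be fetched from Microsoft Graph")
        else:
            problems.append("no groups claim: check Token configuration > Add groups claim")
    elif not isinstance(claims["groups"], list):
        problems.append("groups claim is not a list")
    return problems

def make_unsigned_token(payload: Dict) -> str:
    """Build an unsigned JWT for the constructed sample below (test data only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(payload)}."

# Constructed placeholders, not real Azure identifiers.
CONFIG = SsoConfig(client_id="11111111-1111-1111-1111-111111111111",
                   organization_id="22222222-2222-2222-2222-222222222222")
SAMPLE_CLAIMS = {"aud": CONFIG.client_id, "tid": CONFIG.organization_id,
                 "iss": f"https://login.microsoftonline.com/{CONFIG.organization_id}/v2.0",
                 "preferred_username": "user@example.com",
                 "groups": ["33333333-3333-3333-3333-333333333333"]}   # group/role object IDs
```

With the Organization ID left blank, a token from a different tenant passes the tid check but still has to match the Client ID.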

Now we can verify our SSO functionality!

Log out of IguanaX. On the login page, you should now see “Sign in with Microsoft” as an authentication option.

Click it and confirm that you can successfully sign in using your credentials.

Setup is complete! IguanaX is now integrated with Microsoft SSO through Azure Active Directory.