To set up SSO for Younium using OIDC and Microsoft Azure log into the Younium application as System administrator and do the following:
- Talk to your Younium CSM to ensure that SSO is part of your contract. Your Younium CSM needs to enable SSO for you.
- Enable the SSO permission by doing the following: Settings> Roles> System Administrator> Enable the permission Single sign on Settings under the section Security.
- Log into Younium with a user that have System administrator permissions and do the following:
- Click on your name in the top right corner, select Privacy & Security
- Under Workspace select SSO and Setup SSO connection
- Under the OpenID section select Custom OpenID
- At the Step Create an Application with your IdP, skip this step (and do not use the URL displayed during this step). Press Next
- Provide your Issuer URL at the step 2 (named: Provide your Issuer URL) in the Setup guide by pasting your OIDC metadata document URL (well-known) from your Azure app in the URL section below and click "Next."
-
Enter your Application (client) ID and Client Secret from your Azure Configuration, then
click "Next."
- Click "Continue to claim domain". In the next step, you must claim your SSO domain. Follow the DNS record setup instructions. If you run into any problems with validating your Domain, please reach out to Younium support.
- Set the default roles for SSO users, standard settings is "Read Only". Do not use any of the other roles
- Log out from Younium, at next log in at app.eu.younium.com SSO should be enabled
You are now done with setting up your SSO connection. A common problem if does not work is the DNS validation. Please ask the Younium support to check/enable the DNS validation.
User creation via identity provider is not supported. The user must be created in both Younium and your identity provider.