Below are the steps your Azure AD Administrator can use to set up SSO so that users can log into Tripleseat with an Azure AD login. We have enabled IDP Initiated Logins, so before following the steps below, log into Tripleseat and click on Settings. Click on Preferences and then click on User Authentication. Scroll down and check off "Allow IDP Initiated Logins". Please use the unique URLs created on this screen instead of the generic URLs listed below. You will use the ACS URL for the Reply URL, the Entity ID for the Identifier URL and the Start URL for the Sign on URL:
Log into Azure AD and click on the Menu button if the menu is not showing:
Then click on Azure Active Directory:
On the Active Directory screen choose Enterprise Applications:
Choose New application:
Choose Non-gallery application on the next screen:
Type Tripleseat in the Name field:
Choose Set up single sign on:
Click the SAML option:
Click the pencil in the Basic SAML Configuration box:
Fill in the top 3 fields with the following and then hit Save at the top of the screen; the rest can stay blank. If you checked off IDP :
Reply URL: https://login.tripleseat.com/saml_acs
Sign on URL: https://login.tripleseat.com
Next we will be filling out information to connect Tripleseat with your Azure AD account. Log into Tripleseat in a new browser tab or window, as you will be copying and pasting multiple items between both systems.
In Tripleseat click on Settings, click on Preferences and then click on User Authentication. Check Enable Connection in the SAML Settings area.
In the IDP Display Title field, type in Azure. Click the copy button next to Azure AD Identifier and paste the URL in Issuer URL in Tripleseat. Click the copy button next to Login URL in Azure and paste that URL in SAML 2.0 Endpoint URL in Tripleseat.
In the SAML Signing Certificate area in Azure, press Download next to Certificate (Base64), open the file in TextEdit (Mac), Notepad (Win) or any other plain text editor. Copy the full text from the certificate and paste it into the IDP Certificate in Tripleseat.
If you want to allow Tripleseat users to log in with only Azure AD credentials, click Required for all users. If this is not checked, they can log in with either Tripleseat or Azure credentials. We recommend keeping this unchecked until you've tested SSO successfully with your users. Click Update to save in Tripleseat:
Go back to the Azure AD tab in your browser and click on Users and Groups:
Click on Add User:
On the following screen choose Users, then select the users on the right that need access to Tripleseat and then click Select. Please note the email addresses for these users need to match the email addresses they use for their Tripleseat login:
You will see an overview of how many users are being assigned. Click Assign at the bottom of this page:
You are now set up for SSO. Go back to the Tripleseat tab, log out of Tripleseat (bottom left button) and you will now see the option to log into Tripleseat using your Azure AD credentials:
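The values copied between the two systems can be checked before you turn on Required for all users. The script below is an added example, not Tripleseat or Microsoft code: it confirms the pasted Certificate (Base64) text is one complete block and returns thumbprints that can be compared with the thumbprint the Azure portal displays for the certificate, flags any configured URL that is not https, and lists assigned users with no matching Tripleseat email. The function names, the sample certificate bytes and the example.com addresses are constructed, and case-insensitive email matching is an assumption.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(r"\A\s*-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END CERTIFICATE-----\s*\Z")

# Constructed sample: five placeholder DER bytes, not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
# Generic URLs from the article; use the unique ones from your Tripleseat screen.
SAMPLE_URLS = {"Reply URL": "https://login.tripleseat.com/saml_acs",
               "Sign on URL": "https://login.tripleseat.com"}

def cert_thumbprints(pem_text):
    """Return (SHA-1, SHA-256) hex thumbprints of a pasted Base64 certificate.

    Raises ValueError when the text is not exactly one complete PEM block,
    which is how a truncated or reformatted paste shows up.
    """
    match = PEM_RE.match(pem_text)
    if not match:
        raise ValueError("missing BEGIN/END CERTIFICATE line or stray text")
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid Base64") from exc
    if not der or der[0] != 0x30:  # DER certificates begin with a SEQUENCE tag
        raise ValueError("decoded data is not a DER structure")
    return (hashlib.sha1(der).hexdigest().upper(),
            hashlib.sha256(der).hexdigest().upper())

def non_https_urls(urls):
    """Return the names of configured URLs that are not absolute https URLs."""
    bad = []
    for name, url in urls.items():
        parsed = urlparse(url.strip())
        if parsed.scheme != "https" or not parsed.netloc:
            bad.append(name)
    return sorted(bad)

def unmatched_users(azure_emails, tripleseat_emails):
    """Azure-assigned users whose email has no matching Tripleseat login.

    Assumption: addresses are compared case-insensitively.
    """
    known = {e.strip().lower() for e in tripleseat_emails}
    return sorted(e for e in azure_emails if e.strip().lower() not in known)

if __name__ == "__main__":
    print(cert_thumbprints(SAMPLE_PEM), non_https_urls(SAMPLE_URLS))
```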