For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
Request featuresContact support
User guideHow-to guides
User guideHow-to guides
    • Overview
  • Consumer eSIM Global
    • Integrate with Omnissa
    • Integrate with Microsoft Intune
    • Integrate with Jamf Pro
  • Device management
    • Block operators
    • Manage device tags
    • Release SIMs from devices
    • Rename devices in bulk
    • Use CSV files for bulk actions
  • Device policies
    • Add IP address spaces
    • Assign devices to a policy
    • Update existing device policies
  • emnify Portal tables
    • Customize table view
    • Filter table contents
    • Search through tables
    • Manage automations
  • Satellite
    • Manage satellite connectivity
    • Set up a satellite SIM
    • Set up multi-factor authentication
  • Single-sign on
    • Microsoft Active Directory
    • OpenID Connect (OIDC)
    • Google Cloud Platform
    • Switch providers
    • Troubleshooting
  • SMS
    • Send SMS via the emnify Portal
    • Set up a Zapier SMS integration
    • Use the emnify SMS Web App
  • Workspaces
    • Create a new Workspace
    • Link existing Workspaces
    • Manage Workspace users
    • Switch between Workspaces
    • Transfer SIMs
    • Update your company details
    • Upgrade your Trial plan
    • View centralized reports
LogoLogo
Request featuresContact support
On this page
  • Prerequisites
  • SSO with Microsoft
  • Configure the emnify Portal
Single-sign on

Set up SSO with Microsoft Active Directory

Was this page helpful?

Last updated December 20, 2022

Previous

Set up multi-factor authentication

Next

Set up an OpenID Connect (OIDC) provider for federated login

Built with

This guide walks through enabling single sign-on (SSO), so your Workspace can access the emnify Portal using your Microsoft Business credentials.

Prerequisites

  • An Azure Subscription with an Active Directory license
  • An emnify account using the same email address as the one used to sign in to Azure

If your email address used in the emnify Portal differs from the one used to log in to Azure, this setup won’t work. You can verify your email in User Settings.

Instead, add an additional user with the Administrator role. To do this, go to Workspace settings > Users.

SSO with Microsoft

Log in to Azure and navigate to Azure Active Directory in the left sidebar.

At the top of the page, click + Add and then App Registration. From there:

  • Give your app a Name (for example, “emnify”).
  • The Supported Account Types should be Multitenant. This requests a consent screen on IDP verification in the Portal later.
  • Set the Redirect URI to type Web with the value: https://prod-e5.okta.com/oauth2/v1/authorize/callback

Navigate to Authentication in the left sidebar, and in the section Implicit grand and hybrid flows, enable Access tokens and ID tokens.

Go to Token configuration in the left sidebar, click Add optional claim, and under SAML, enable the upn claim. Leave the option Turn on the Microsoft Graph profile permission unchecked.

Head to API permissions in the left sidebar, click the existing permission entry Microsoft Graph (1) and confirm the email and profile OpenID permissions.

Your configuration should look like this:

In the left sidebar, go to Expose an API, click Set, and then click Save.

After navigating to Certificates & Secrets in the left sidebar, click New client secret.

Copy the Value and save it to a secure location.

This value won’t be shown again.

Choose an expiration date and mark your calendar to generate and configure a new secret before it expires.

Navigate to Overview in the sidebar and copy the Application (client) ID to use later in the emnify Portal.

Configure the emnify Portal

1

Log in to the emnify Portal.

2

Go to Workspace settings (building icon) in the top-level navigation and click Single Sign-On.

3

If you need SSO enabled for your account, contact emnify support. Otherwise, click Add under the Microsoft SSO provider.

4

Enter the Client ID and Client Secret you copied earlier, then click Create and Activate.

5

Once you’re back on Single Sign-On, you should see Microsoft listed as a Provider.

6

Finally, click Verify Integration and follow the prompts.

You must complete the final step and verify the provider to configure SSO.

Refer to the Troubleshooting page if you encounter issues while setting up SSO.