Single Sign-On

3 min read

Overview #

This guide walks you through configuring Single Sign-On (SSO) between xLytix and Microsoft Entra ID (formerly Azure Active Directory). The process consists of two stages: 

  1. Register the xLytix application in Azure Portal 
  1. Configure SSO settings within xLytix 

Register xLytix in Azure Portal (Microsoft Entra ID) #

In this step, you will create and configure the xLytix application registration in your Azure tenant, then collect the credentials needed to complete the xLytix configuration. 

1.1 Sign in to Azure Portal 

Sign in to the Azure Portal using an account with Global Administrator or Application Administrator privileges. 

https://portal.azure.com

1.2 Navigate to Microsoft Entra ID 

  • From the Azure home page, search for or select Microsoft Entra ID in the top navigation bar. 
  • In the left-hand menu, select Enterprise Applications. 
  • Click New Application, then choose Create your own application. 

1.3 Register the Application 

In the Create your own application panel, complete the following: 

Field Description / Value 
Application name xLytix_XXXX (or your preferred name) 
Intent Register xLytix to integrate with Microsoft Entra ID  

1.4 Configure Authentication & Redirect URL 

  • After the application is created, open it and go to Authentication in the left menu. 
  • Under Platform configurations, click Add a platform and select Web. 
  • Enter the following Redirect URI: 

https://Domain_Name/xapi/api/v1/auth/sso/callback

  • Ensure your tenant setting is configured to the appropriate scope (single tenant or multi-tenant) for your organisation. 
  • Click Save. 

1.5 Create a Client Secret 

  • In the left menu of your registered application, select Certificates & secrets. 
  • Click New client secret. 
  • Enter a description (e.g., xLytix SSO Secret) and choose an expiry period. 
  • Click Add. 

Copy the secret Value immediately after creation. It will only be displayed once and cannot be retrieved later. Store it securely. 

1.6 Collect Required Credentials 

Record the following values from the Azure Portal — you will need them in Step 2. 

Field Description / Value 
Client Secret The secret value copied in step 1.5 
Tenant ID Found in Microsoft Entra ID → Overview → Tenant ID 
Application (Client) ID Found in App registrations → Application Name (xLytix_XXXX or the correct name if different) → Overview 

1.7 Grant API Permissions 

  • In the application left menu, go to API Permissions. 
  • Review the assigned permissions and click Grant admin consent for [Your Organisation]. 
  • Confirm when prompted. The status indicators should show Granted. 

1.8 Configure an Azure AD Group for Access Management (Optional) 

If you want to manage which users can access xLytix through an Azure AD security group: 

  • In Microsoft Entra ID, navigate to Groups and create a new Security group (e.g., xLytix_Users). 
  • Add the relevant users as members of the group. 
  • In your Enterprise Application, go to Users and groups and assign the security group. 
  • Enable User assignment required in the Properties menu to restrict access to group members only. 

Configure SSO in xLytix #

With the Azure credentials collected in Step 1, you can now enable and configure SSO within the xLytix platform. 

2.1 Access SSO Settings 

  • Log in to xLytix using your Master Account credentials. 
  • Navigate to Settings → Admin Settings → SSO Configuration. 

2.2 Enable and Configure SSO 

  • Toggle Enable Single Sign-On to the ON position. 
  • Under Identity Provider, select Microsoft. 
  • Populate the following fields using the credentials captured earlier. 
Field Description / Value 
Tenant ID Your Azure Tenant ID 
Client ID Your Azure Application (Client) ID 
Client Secret Your Azure Client Secret value 
xLytix Domain https://Domain_Name 

2.3 Test the Connection 

  • Click Test Connection to verify that xLytix can communicate with your Azure identity provider. 
  • A successful test will display a confirmation message. If the connection fails, double-check that all credentials are entered correctly and that the redirect URI in Azure matches exactly. 

2.4 Save the Configuration 

  • Once the connection test is successful, click Save to apply the SSO configuration. 
  • Users assigned in Azure (Step 1.8) will now be able to sign in to xLytix using their Microsoft credentials. 

Troubleshooting 

Field Description / Value 
Connection test fails Verify the Tenant ID, Client ID, and Client Secret are correct. Ensure the Redirect URI in Azure exactly matches the xLytix callback URL. 
Users cannot log in Confirm the user is assigned to the Enterprise Application in Azure (or is a member of the assigned AD group). 
Admin consent error Ensure the account granting consent has Global Administrator or Privileged Role Administrator permissions in Azure. 
Client secret expired Return to Azure Portal → Certificates & Secrets, generate a new secret, and update the value in xLytix SSO Configuration. 
Cookie Consent

Our website uses cookies to ensure you get the best experience on our website.

Learn More