When you integrate GetAccept with Azure AD, you can:
- Control in Azure AD who has access to GetAccept.
- Enable your users to be automatically signed-in to GetAccept with their Azure AD account.
- Manage your accounts in one central location - the Azure portal.
Before setting up the integration its good to understand:
- Each entity in GetAccept requires a separate Enterprise Application in Azure
- The normal login page to GetAccept will not be supported for SSO. To short-link directly to SSO login, please refer to the Login URL in GetAccept SAML settings page
Adding GetAccept to your Azure applications
- Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
- On the left navigation pane, select the Azure Active Directory service.
- Navigate to Enterprise Applications and then click New application in the top
- Select Non-gallery application
- Enter GetAccept as name on the right pane and click Add.
Enable GetAccept SSO
Follow these steps to enable GetAccept SSO support.
- Login to GetAccept, and go to Settings, Integrations, Provisioning and SSO
- Click Connect next to SAML Authentication
- Keep this browser tab open for easy access of settings in later steps
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
- In the Azure portal, on the GetAccept application integration, find the Manage section and select single sign-on.
- On the Select a single sign-on method page, select SAML.
- Click the edit/pen icon for Basic SAML Configuration to edit the settings.
- Copy/paste values from the SAML Authentication page in GetAccept. See mapping below.
- Click Save in the top and choose to validate later.
Configure GetAccept SSO
- In the Azure portal, on the application page you have created, navigate to Single Sign-on, under SAML Signing certificate, click Certificate (Base64) Download and open the downloaded certificate file in a text-editor.
- Copy/paste the file content into GetAccept under PUBLIC X.509 CERTIFICATE
- Copy/paste the rest of the fields from Azure to GetAccept. See mapping below.
- Click Save in GetAccept and make sure the integration says Connected.
Assign the Azure AD test user
- In the Azure portal, select Enterprise Applications, and then select All applications.
- In the applications list, select GetAccept.
- In the app's overview page, find the Manage section and select Users and groups.
- Select Add user, then select Users and groups in the Add Assignment dialog.
- In the Users and groups dialog, select yourself from the Users list, then click the Select button at the bottom of the screen.
- Click Assign
Validate and save AD SSO
Make sure that the current logged in AD administrator also is a user in GetAccept using the same email address. Also logout from GetAccept before validating to make sure the integration is working.
- In the app's overview page, find the Manage section and select Single sign-on.
- Click Validate at the bottom
- Select Sign in as current user
- Wait a few seconds and verify the logged in user inside GetAccept at the lower left corner. Got it working? Yay!
Adding the GetAccept logo to the application
We recommend that you enable the application to all users and also upload the GetAccept logo.
- Download the GetAccept logo below by right-clicking and saving the logo.
- In the app's overview page, find the Manage section and select Properties.
- Upload the PNG-file under Logo.
- Click Save at the top.
Test your Azure AD single sign-on configuration using the Access Panel.
When you click the GetAccept tile in the Access Panel, you should be automatically signed in to the GetAccept for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Troubleshooting Authentication error / WindowsIntegrated
If you're receiving errors like:
AADSTS750: Authentication method “WindowsIntegrated, MultiFactor” by which the user authenticated with the service doesn’t match requested authentication method “Password, ProtectedTransport”
We have seen that omitting
RequestedAuthnContext value in the request is a workable solution.
You can change this by specifying the following additional attribute in GetAccept -> Settings -> Integrations -> SAML:
OPTIONAL ATTRIBUTES (JSON)
'authnContextClassRef' : false
"Signature validation failed. SAML Response rejected" means that the signature validation process failed.
In this case, the x509 cert entered in GetAccept settings is wrong. Make sure it contains the BEGIN and END CERTIFICATE tags. If you copy-paste the certificate using for instance Microsoft Teams chat it might remove some of the dashes. Make sure there are 5 dashes before and after BEGIN CERTIFICATE and END CERTIFICATE
We are here to help you if you get stuck at any step setting up the integration.
Use the chat-icon to the right to start a conversation with our support team or send an email to email@example.com