When you integrate GetAccept with Azure AD, you can:

  • Control in Azure AD who has access to GetAccept.

  • Enable your users to be automatically signed-in to GetAccept with their Azure AD account.

  • Manage your accounts in one central location - the Azure portal.

Before setting up the integration its good to understand:

  • Each entity in GetAccept requires a separate Enterprise Application in Azure

  • The normal login page to GetAccept will not be supported for SSO. To short-link directly to SSO login, please refer to the Login URL in GetAccept SAML settings page

Adding GetAccept to your Azure applications

  1. Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.

  2. On the left navigation pane, select the Azure Active Directory service.

  3. Navigate to Enterprise Applications and then click New application in the top
    (for the new app gallery click Create your own application)

  4. Select Non-gallery application

  5. Enter GetAccept as name on the right pane and click Add.

Enable GetAccept SSO

Follow these steps to enable GetAccept SSO support.

  1. Login to GetAccept, and go to Settings, Integrations, Provisioning and SSO
    Make sure you are logged in to GetAccept using app.getaccept.com and not a subdomain, example companyx.getaccept.com

  2. Click Connect next to SAML Authentication

  3. Keep this browser tab open for easy access of settings in later steps

Configure Azure AD SSO

Follow these steps to enable Azure AD SSO in the Azure portal.

  1. In the Azure portal, on the GetAccept application integration, find the Manage section and select Single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. Click the edit/pen icon for Basic SAML Configuration to edit the settings.

  4. Copy/paste values from the SAML Authentication page in GetAccept. See mapping below.

  5. Click Save in the top and choose to validate later.

Configure GetAccept SSO

  1. In the Azure portal, on the application page you have created, navigate to Single Sign-on,  under SAML Signing certificate, click Certificate (Base64) Download and open the downloaded certificate file in a text-editor.

  1. Copy/paste the file content into GetAccept under PUBLIC X.509 CERTIFICATE

  2. Copy/paste the rest of the fields from Azure to GetAccept. See mapping below.

  3. Click Save in GetAccept and make sure the integration says Connected.

Assign the Azure AD test user

  1. In the Azure portal, select Enterprise Applications, and then select All applications.

  2. In the applications list, select GetAccept.

  3. In the app's overview page, find the Manage section and select Users and groups.

  4. Select Add user, then select Users and groups in the Add Assignment dialog.

  5. In the Users and groups dialog, select yourself from the Users list, then click the Select button at the bottom of the screen.

  6. Click Assign

Validate and save AD SSO

Make sure that the current logged in AD administrator also is a user in GetAccept using the same email address. Also logout from GetAccept before validating to make sure the integration is working.

  1. In the app's overview page, find the Manage section and select Single sign-on.

  2. Click Validate at the bottom

  3. Select Sign in as current user

  4. Wait a few seconds and verify the logged in user inside GetAccept at the lower left corner. Got it working? Yay!

Adding the GetAccept logo to the application

We recommend that you enable the application to all users and also upload the GetAccept logo. 

  1. Download the GetAccept logo below by right-clicking and saving the logo.

  2. In the app's overview page, find the Manage section and select Properties.

  3. Upload the PNG-file under Logo.

  4. Click Save at the top.

Test SSO

Test your Azure AD single sign-on configuration using the Access Panel.

When you click the GetAccept tile in the Access Panel, you should be automatically signed in to the GetAccept for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.


Redirect to specific page after single sign-on

If you have a situation where you want to redirect a user to a specific page or document behind a secure login you can use a custom "go" parameter in the SSO url. This is powerful if you are using an external system to generate the document and receive the sent document url or document url for editing before sending out.

Example how to redirect and open a document for editing before sending:

In the GetAccept integration settings page you can find the entity-specific Login URL. Combine this login url with the document url you want to redirect the user to:

https://app.getaccept.com/auth/saml/abcd1234/sso?go=/document/edit/xyz1234abc

This will create a SSO request for the entity abcd1234, authenticating and logging in the user, then redirecting the user to edit the document xyz1234abc.

Troubleshooting Authentication error / WindowsIntegrated

If you're receiving errors like:

AADSTS750: Authentication method “WindowsIntegrated, MultiFactor” by which the user authenticated with the service doesn’t match requested authentication method “Password, ProtectedTransport”

or

AADSTS75011: Authentication method “X509, MultiFactor” by which the user authenticated with the service doesn’t match requested authentication method “Password, ProtectedTransport”. Contact GetAccept application owner.

We have seen that omitting RequestedAuthnContext value in the request is a workable solution.
You can change this by specifying the following additional attribute in GetAccept -> Settings -> Integrations -> SAML:
OPTIONAL ATTRIBUTES (JSON)

{
    'authnContextClassRef' : false
}


For error

"Signature validation failed. SAML Response rejected" means that the signature validation process failed.

In this case, the x509 cert entered in GetAccept settings is wrong. Make sure it contains the BEGIN and END CERTIFICATE tags. If you copy-paste the certificate using for instance Microsoft Teams chat it might remove some of the dashes. Make sure there are 5 dashes before and after BEGIN CERTIFICATE and END CERTIFICATE

-----BEGIN CERTIFICATE-----
MIID/TCCAuWgAwIBAgIJAI4R3WyjjmB1MA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
...
VW3N0PYgJtw5yBsS74QTGD4=
-----END CERTIFICATE-----

For error

AADSTS700016: Application with idenfitier 
'https://companyx.getaccept.com/auth/saml/xyz123/metadata.xml'
was not found in the directory 'xxxx'

This means that the Azure application has been setup using the wrong address to the application and should not be setup while logged in to GetAccept using a subdomain. Try to login using https://app.getaccept.com and go to settings, SSO and copy the correct values to the Azure application configuration.

Need help?

We are here to help you if you get stuck at any step setting up the integration.
Use the chat-icon to the right to start a conversation with our support team or send an email to integrations@getaccept.com

Did this answer your question?