When you integrate GetAccept with Azure AD, you can:
Control in Azure AD who has access to GetAccept.
Enable your users to be automatically signed-in to GetAccept with their Azure AD account.
Manage your accounts in one central location - the Azure portal.
Before setting up the integration, it's good to understand:
Each entity in GetAccept requires a separate Enterprise Application in Azure.
The normal login page to GetAccept will not be supported for SSO. To short-link directly to SSO login, please refer to the Login URL in the GetAccept SAML settings page.
Adding GetAccept to your Azure applications
Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
On the left navigation pane, select the Azure Active Directory service.
Navigate to Enterprise Applications and then click New application at the top (for the new app gallery, click Create your own application).
Select Non-gallery application
Enter GetAccept as name on the right pane and click Add.
Enable GetAccept SSO
Follow these steps to enable GetAccept SSO support.
Log in to GetAccept, and go to Settings, Integrations, Provisioning and SSO.
Make sure you are logged in to GetAccept using app.getaccept.com and not a subdomain, for example companyx.getaccept.com.
Click Connect next to SAML Authentication
Keep this browser tab open for easy access of settings in later steps
Configure Azure AD SSO
Follow these steps to enable Azure AD SSO in the Azure portal.
In the Azure portal, on the GetAccept application integration, find the Manage section and select Single sign-on.
On the Select a single sign-on method page, select SAML.
Click the edit/pen icon for Basic SAML Configuration to edit the settings.
Copy/paste values from the SAML Authentication page in GetAccept. See mapping below.
Click Save at the top and choose to validate later.
Configure GetAccept SSO
In the Azure portal, on the application page you have created, navigate to Single Sign-on, under SAML Signing certificate, click Certificate (Base64) Download and open the downloaded certificate file in a text-editor.
Copy/paste the file content into GetAccept under PUBLIC X.509 CERTIFICATE
Copy/paste the rest of the fields from Azure to GetAccept. See mapping below.
Click Save in GetAccept and make sure the integration says Connected.
Assign the Azure AD test user
In the Azure portal, select Enterprise Applications, and then select All applications.
In the applications list, select GetAccept.
In the app's overview page, find the Manage section and select Users and groups.
Select Add user, then select Users and groups in the Add Assignment dialog.
In the Users and groups dialog, select yourself from the Users list, then click the Select button at the bottom of the screen.
Select the role admin for your user. (When adding other users from Azure, the role should correspond to their user role in GetAccept.)
Validate and save AD SSO
Make sure that the currently logged-in AD administrator is also a user in GetAccept with the same email address. Also log out from GetAccept before validating to make sure the integration is working.
In the app's overview page, find the Manage section and select Single sign-on.
Click Validate at the bottom
Select Sign in as current user
Wait a few seconds and verify the logged in user inside GetAccept at the upper right corner. Got it working? Yay!
Adding the GetAccept logo to the application
We recommend that you enable the application for all users and also upload the GetAccept logo.
Download the GetAccept logo below by right-clicking and saving the logo.
In the app's overview page, find the Manage section and select Properties.
Upload the PNG-file under Logo.
Click Save at the top.
Test your Azure AD single sign-on configuration using the Access Panel.
When you click the GetAccept tile in the Access Panel, you should be automatically signed in to the GetAccept for which you set up SSO. For more information about the Access Panel, see Introduction to the Access Panel.
Redirect to specific page after single sign-on
If you want to redirect a user to a specific page or document behind a secure login, you can use a custom "go" parameter in the SSO URL. This is powerful if you are using an external system to generate the document and receive the sent document URL or the document URL for editing before sending out.
Example of how to redirect and open a document for editing before sending:
In the GetAccept integration settings page you can find the entity-specific Login URL. Combine this login URL with the document URL you want to redirect the user to:
This will create an SSO request for the entity abcd1234, authenticating and logging in the user, then redirecting the user to edit the document xyz1234abc.
Troubleshooting Authentication error / WindowsIntegrated
If you're receiving errors like:
AADSTS750: Authentication method “WindowsIntegrated, MultiFactor” by which the user authenticated with the service doesn’t match requested authentication method “Password, ProtectedTransport”
AADSTS75011: Authentication method “X509, MultiFactor” by which the user authenticated with the service doesn’t match requested authentication method “Password, ProtectedTransport”. Contact GetAccept application owner.
We have seen that omitting the RequestedAuthnContext value in the request is a workable solution.
You can change this by specifying the following additional attribute in GetAccept -> Settings -> Integrations -> SAML: OPTIONAL ATTRIBUTES (JSON)
"authnContextClassRef": false
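To confirm the setting took effect, the AuthnRequest that the browser carries to Azure AD can be decoded and checked for a RequestedAuthnContext element. The following is an added example, not GetAccept's or Microsoft's code; it assumes the HTTP-Redirect binding (a SAMLRequest query parameter, base64 over raw DEFLATE), and the sample URL, host and request ID are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The class that Azure AD reports as "Password, ProtectedTransport".
PASSWORD_PROTECTED_TRANSPORT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def decode_saml_request(url):
    """Extract the AuthnRequest XML from a redirect URL (base64 + raw DEFLATE)."""
    param = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")

def requested_authn_context(xml_text):
    """Return (comparison, [class refs]), or None when the element is omitted."""
    # Only parse XML captured from your own browser session here.
    root = ET.fromstring(xml_text)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    # SAML 2.0 defines "exact" as the default when Comparison is absent.
    return rac.get("Comparison", "exact"), refs

def constructed_redirect_url(with_context):
    """Build a constructed sample redirect URL; host and ID are placeholders."""
    ctx = ""
    if with_context:
        ctx = ('<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>'
               + PASSWORD_PROTECTED_TRANSPORT
               + '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>')
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">%s</samlp:AuthnRequest>'
           % (NS["samlp"], NS["saml"], ctx))
    deflater = zlib.compressobj(wbits=-15)
    raw = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(raw).decode("ascii")})
    return "https://idp.example.invalid/saml2?" + query

if __name__ == "__main__":
    for flag in (True, False):
        url = constructed_redirect_url(flag)
        print(requested_authn_context(decode_saml_request(url)))
```

With the element omitted, the identity provider's own policy decides which authentication methods are acceptable.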
"Signature validation failed. SAML Response rejected" means that the signature validation process failed.
In this case, the x509 cert entered in GetAccept settings is wrong. Make sure it contains the BEGIN and END CERTIFICATE tags. If you copy-paste the certificate using, for instance, Microsoft Teams chat, it might remove some of the dashes. Make sure there are 5 dashes before and after BEGIN CERTIFICATE and END CERTIFICATE.
We have seen unique cases where the certificate generated in the Azure application was incorrect, thus being rejected when redirecting to your endpoint. Make sure that the certificate starts with MIIC8; if not, you should generate the base64 certificate again within the SAML configuration of your application.
AADSTS700016: Application with identifier
was not found in the directory 'xxxx'
This means that the Azure application has been set up using the wrong address to the application; it should not be set up while logged in to GetAccept using a subdomain. Try to log in using https://app.getaccept.com, go to settings, SSO, and copy the correct values to the Azure application configuration.
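The paste problems described above can be checked before the certificate is saved. The following is an added example, not GetAccept's code: it verifies the five-dash BEGIN/END lines, that the body is valid base64, and that the decoded DER length matches its header, and it returns the SHA-1 thumbprint of the decoded bytes for comparison with the thumbprint Azure shows for the signing certificate. The function names are hypothetical and the sample is a constructed placeholder with a certificate-shaped header, not a real certificate.

```python
import base64
import binascii
import hashlib
import textwrap

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_pasted_certificate(text):
    """Return (problems, sha1_thumbprint); thumbprint is None if the body cannot be decoded."""
    problems = []
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN:
        problems.append("first line is not exactly " + BEGIN)
    if not lines or lines[-1] != END:
        problems.append("last line is not exactly " + END)
    # Everything except the (possibly mangled) BEGIN/END lines is the base64 body.
    body = "".join(ln for ln in lines if "CERTIFICATE" not in ln)
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["body is not valid base64"], None
    # A DER certificate is one SEQUENCE: tag 0x30, then (for typical certificate
    # sizes) the long-form length marker 0x82 followed by a 2-byte length.
    if der[:2] != b"\x30\x82":
        problems.append("decoded data does not start with a DER SEQUENCE header")
    elif int.from_bytes(der[2:4], "big") + 4 != len(der):
        problems.append("DER length does not match the data: characters were lost or added")
    return problems, hashlib.sha1(der).hexdigest().upper()

def constructed_sample():
    """Constructed placeholder: valid DER header plus zero filler, not a real certificate."""
    der = b"\x30\x82\x02\xf0" + bytes(0x02F0)
    body = textwrap.wrap(base64.b64encode(der).decode("ascii"), 64)
    return "\n".join([BEGIN, *body, END])

if __name__ == "__main__":
    good = constructed_sample()
    print(check_pasted_certificate(good))
    # Simulate a chat client eating two dashes from the BEGIN line.
    print(check_pasted_certificate(good.replace("-----BEGIN", "---BEGIN"))[0])
```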
We are here to help you if you get stuck at any step setting up the integration.
Use the chat-icon to the right to start a conversation with our support team or send an email to firstname.lastname@example.org