Important: This tutorial applies to organizations in either our Growth tier, or higher tiers. If you are on another plan, please contact support.
Overview
If your organization uses Azure Active Directory as an identity management and access platform, you can now set up Single Sign-on for your professionals using SAML 2.0. With our SSO integration you also get:
Automatic provisioning of all new users
Mapping of user attributes from Azure AD to Clearview Social
Login to Clearview Social using your SSO domain
The following tutorial will show you step-by-step how to create a new connection in Azure AD, and how to configure that connection to allow your users to log in.
Important: You must be an administrator both for Azure AD, and for your Clearview Social organization to complete this tutorial!
Step 1: Create the application in Azure Active Directory
Within your Azure Portal, go to the Azure Active Directory service
Click the "Enterprise Applications" menu item in the left-hand navigation
Click "New Application" to start creating a new application
In the "Browse Azure AD Gallery" screen, click "Create your own application"
For the application name, enter "Clearview Social Login"
For "What are you looking to do with your application?" select "Integrate any other application you don't find in the gallery (Non-gallery)"
Click "Create"
Step 2: Configure the application in Azure Active Directory
From the "Clearview Social Login" app you created in Step 1, click "2. Set up single sign on"
Select SAML as the single sign-on method
In Section 1 - Basic SAML Configuration, click "Edit" to make changes
In a separate browser tab, open Clearview Social and go to the SSO Settings Page: https://app.clearviewsocial.com/org/settings/sso
Copy the following values from the Clearview Social SSO Settings page into the Azure SAML Settings page:
"Our Entity ID" should be copied into the "Identifier (Entity ID)" label - click "Add Identifier" to enter the value
"Our SSO URL" should be copied into the "Reply URL (Assertion Consumer Service URL)" label - click "Add Reply URL" to enter the value
For "Sign on URL (Optional)", you can enter the value you used for the Reply URL - just remove the trailing /callback from the URL
"Our SLO URL" should be copied into the "Logout Url (Optional)" label
Click "Save" to save the application settings in Azure AD
When complete, the setup should look something like the following (you will see "app.clearviewsocial.com" URLs instead of the developer URLs shown here):
Step 3: Configure SSO Settings
With the Azure Single Sign-on page still open, scroll down to Section 4 - "Set up Clearview Social Login"
In a separate browser tab open the SSO Settings Page: https://app.clearviewsocial.com/org/settings/sso
Copy the following values from the Azure Single Sign-on page into the Clearview SSO Settings page:
"Login URL" should be copied into the "Single Sign-In URL"
"Azure AD Identifier" should be copied into the "Issuer URL"
"Logout URL" should be copied into the "Single Logout URL"
After copying these values, go to the Clearview Social SSO Settings tab, and enter the following:
Under "Valid Domains", enter any valid email domains you use for your corporate login. Note: These will always be corporate domain names, for example clearviewsocial.com, or yourfirmname.com. Gmail, Yahoo, Outlook.com are not valid domains for SSO!
Under "SSO Platform", select "Azure AD"
Keep both pages open - in the next step, we will configure the X.509 certificate
Step 4: Configure Certificate
With the Azure Single Sign-on page still open, scroll up to Section 3 - "SAML Signing Certificate"
Next to "Certificate (Base64)" click "Download", and save the file on your desktop
Open the file in a text editor (NOT Microsoft Word - use notepad if on Windows)
Copy the full value of the certificate out of the file, including the BEGIN and END lines
Paste this value into the "Your Public Certificate" section of the Clearview Social SSO Settings Page
Click "Save" to save the SSO Settings from both Step 3 and this step
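A way to sanity-check the text copied in Step 4 before pasting it, as an added example that is not Clearview Social's or Microsoft's code: it confirms the BEGIN and END lines survived, that the body is clean Base64, and returns thumbprints you can compare with any fingerprint your identity provider shows for the certificate. SAMPLE_DER is constructed placeholder data, and the function names are hypothetical.

```python
import base64
import hashlib

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed placeholder bytes shaped like DER (leading 0x30); not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(96))


def to_pem(der):
    """Wrap DER bytes in PEM armor with 64-character Base64 rows."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"


def check_pasted_certificate(text):
    """Return (problems, thumbprints) for text copied out of the certificate file."""
    problems = []
    # PEM is pure ASCII; word processors substitute typographic dashes and quotes.
    if not text.isascii():
        problems.append("non-ASCII characters present")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN:
        problems.append("missing BEGIN CERTIFICATE line")
    if not lines or lines[-1] != END:
        problems.append("missing END CERTIFICATE line")
    body = "".join(ln for ln in lines if not ln.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return problems + ["body is not valid Base64"], {}
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        problems.append("decoded data is not a DER SEQUENCE")
    thumbprints = {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }
    return problems, thumbprints


if __name__ == "__main__":
    problems, thumbprints = check_pasted_certificate(to_pem(SAMPLE_DER))
    print(problems or "OK", thumbprints)
```

To check your own download, read the file's text and pass it to check_pasted_certificate; an empty problem list means the armor and Base64 body are intact.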
Step 5: Configure Attributes in Azure AD (Optional)
Important: The values used here are going to be highly dependent on the setup of your identity store. The suggested values below assume a user pool created in Azure AD. What's more important here is that the suggested attributes are named to our specifications:
By default, our application will understand the attributes set as follows in Azure AD:
If you need to make any modifications to these settings, please contact support as this would involve custom development work to support alternate claims.
Note: If you would like to add groups claims to your Single Sign-on, you can use the "Edit" function to add a group claim. How you establish these claims is highly dependent on your organization; however, it is important that they are sent in claims as a list, and provided in the default schema namespace that Microsoft provides. Once groups have been added, the Attributes & Claims will have this claim added:
Step 6: Add Users to your Application in Azure AD
In Azure AD, click "Users and groups" in the left-hand navigation menu
Click "+ Add user/group" to add an existing Azure AD user to the Clearview Social Login application
Select a user from the list, and click "Select"
Click "Assign" to complete the addition
Step 7: Test Your Login
Important: If you were logged into Clearview Social already to complete the previous steps, log out of Clearview Social before testing the connection!
At this point, you should be able to log into Clearview Social using Azure AD. From the Azure AD Single Sign-on Settings Page, scroll down to Section 5 - "Test single sign-on with Clearview Social Login"
In the panel that opens, select "Sign in as current user", and click "Test sign in"
You should be successfully logged into Clearview Social with your Azure AD user. If the user was not previously in Clearview Social, you should see an activation screen, and you will receive an email to activate your account.
Any Further Questions?
If you have any further questions about setting up SSO for your organization, please use the chat bubble within Clearview Social, or reach out to support to learn more!