
Azure AD SSO Setup

Superblocks single sign-on (SSO) with Azure Active Directory (Azure AD) lets your team seamlessly authenticate and access Superblocks using their Azure AD credentials. This guide walks through how to configure single sign-on for Superblocks.

Prerequisites

To set up SSO for your organization, you'll need:

Set up Azure AD

Set up single sign-on for Azure AD by registering an application in the Azure portal. See Microsoft's Quickstart: Register an application with the Microsoft identity platform for full details.

Register an application

  1. Sign in to the Microsoft Entra admin center
  2. Navigate to Identity > Applications > App registrations
  3. Click + New registration
  4. Name the application
  5. Set Supported account types to Accounts in this organizational directory only
  6. Under Redirect URI select Web and enter https://login.superblocks.com/login/callback
  7. Click Register

Set up authentication

After your app has been registered, configure authentication for the application.

  1. In App registrations select your new application
  2. Under Manage, select Authentication
  3. Set the Front-channel logout URL to https://app.superblocks.com/logout
  4. Under Implicit grant and hybrid flows check the boxes for both Access tokens and ID tokens
  5. Save your configuration
Info: For customers on Superblocks EU, set the logout URL to https://eu.superblocks.com/logout


Add a client secret

Superblocks uses a client secret to authenticate with Azure when requesting user authorization tokens. To create a client secret for your application:

  1. Under Manage, select Certificates & secrets
  2. On the Client secrets tab, click + New client secret
  3. Enter a description and select an expiration date for your secret
  4. Click Add
  5. Copy the secret value
Caution: The secret value will never be shown again after you leave this page. Be sure to copy and save it to a safe place like your password manager.

Configure IdP-initiated login

To allow users to log in to Superblocks directly from Azure AD instead of initiating the login from Superblocks, follow the steps below to update the login URL for the Azure application.

  1. Under Manage, select Manifest
  2. Scroll down to the "signInURL" property and set its value to "https://app.superblocks.com?connection=MyCompanyName-AzureAD"
     Caution: Replace MyCompanyName with your company’s name. Remove all spaces and special characters from the name. If your company name is multiple words, capitalize the first letter of each word. For example, the company River Bank Technologies would become RiverBankTechnologies.
  3. Click Save

Send IdP info to Superblocks

Once you've configured your Azure AD application, send the following information to support@superblocks.com:

Client ID

The Application (client) ID for your Azure AD. You can find this value on your app's Overview screen.

Client Secret

The secret value you copied when you added a client secret. Note: we recommend using a secure transfer mechanism such as https://onetimesecret.com or similar to send the secret.

Azure AD Domain

Your Azure AD domain name. You can find this on your Azure AD directory's overview page in the Microsoft Azure portal.

Other domains

The list of domains and domain aliases your employees should be able to use when logging into Superblocks.
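
Before sending these values, the registration can be checked against the settings in this guide. The script below is an added example, not Superblocks code: it assumes the app registration has been exported as Microsoft Graph JSON (for instance the output of `az ad app show --id <client-id>`), and the function names, the sample data and the 30-day expiry threshold are illustrative choices.

```python
import re
from datetime import datetime, timedelta, timezone

REDIRECT_URI = "https://login.superblocks.com/login/callback"
LOGOUT_URLS = {"https://app.superblocks.com/logout",
               "https://eu.superblocks.com/logout"}  # US and EU values from the guide

def connection_name(company: str) -> str:
    """Guide's naming rule; assumes a single-word name is capitalized the same way."""
    words = re.findall(r"[A-Za-z0-9]+", company)  # spaces and special characters split words
    return "".join(w[0].upper() + w[1:] for w in words) + "-AzureAD"

def audit_app(app: dict, now: datetime, warn_days: int = 30) -> list:
    """Compare a Microsoft Graph application object with this guide's settings."""
    findings, web = [], app.get("web") or {}
    if app.get("signInAudience") != "AzureADMyOrg":  # "this organizational directory only"
        findings.append("signInAudience is not AzureADMyOrg (single tenant)")
    uris = web.get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("Superblocks redirect URI is missing")
    if any(u != REDIRECT_URI for u in uris):
        findings.append("redirect URIs other than the Superblocks callback are registered")
    if web.get("logoutUrl") not in LOGOUT_URLS:
        findings.append("front-channel logout URL does not match the guide")
    grants = web.get("implicitGrantSettings") or {}
    if not (grants.get("enableAccessTokenIssuance") and grants.get("enableIdTokenIssuance")):
        findings.append("access token and ID token issuance are not both enabled")
    ends = [datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
            for c in app.get("passwordCredentials") or []]
    live = [e for e in ends if e > now]
    if not live:
        findings.append("no unexpired client secret")
    elif max(live) - now < timedelta(days=warn_days):
        findings.append(f"client secret expires within {warn_days} days")
    return findings

# Constructed sample: redirect URI mistyped as http, and a secret close to expiry.
SAMPLE_APP = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["http://login.superblocks.com/login/callback"],
            "logoutUrl": "https://app.superblocks.com/logout",
            "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                      "enableIdTokenIssuance": True}},
    "passwordCredentials": [{"endDateTime": "2030-01-10T00:00:00Z"}],
}
NOW = datetime(2030, 1, 1, tzinfo=timezone.utc)  # fixed clock so the result is reproducible

if __name__ == "__main__":
    print(connection_name("River Bank Technologies"), audit_app(SAMPLE_APP, NOW))
```

An empty findings list means the exported registration matches the guide; the expiry finding is a reminder to rotate the client secret and send the new value to Superblocks before the old one lapses.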