Azure AD is an identity and access management service from Microsoft. As part of the Blue10 – Enterprise subscription, the integration between Blue10 and Azure AD can be set up. Read more about the integration in this blog.
How can I activate the integration with Azure AD in my Blue10 environment?
If you use the Blue10 – Enterprise subscription, you can activate the integration with Azure AD by yourself. Please enter your information in the contact form below to request the enterprise subscription if you are not yet making use of this type of subscription.
Follow these steps to activate the integration with Azure AD for your Blue10 environment:
- Inform pre-existing Blue10 users about the upcoming change for logging in to Blue10. This way you can make sure colleagues are aware that the regular method of logging in will no longer work.
Note: steps 2 to 7 must be performed by a user with administrator rights in Blue10 and administrator rights in the Azure AD tenant to be linked!
- Existing users in Blue10 must be associated with an email address registered in the Azure AD tenant. This email address must match the User Principal Name. In Blue10 at Settings > Users, verify that this is the case. If a user’s email address does NOT match the User Principal Name in the Azure AD tenant, this user will not be able to log in to Blue10 after activation. Make sure to adjust this email address and/or register this user in the Azure AD tenant. Do users work from different Azure AD tenants? It is possible to connect multiple Azure AD tenants to the Blue10 environment.
- In Blue10, navigate to Settings > Authentication Management. This page is only available if the Blue10 – Enterprise subscription is activated and is only visible to a user with administrator rights in Blue10.
- Choose Add Azure AD Tenant.
- A Microsoft sign-in window opens. Sign in with the Microsoft account that has administrator rights in the Azure AD tenant to link Azure AD to Blue10.
The Blue10 application is now available in the Azure AD tenant; and the Azure AD tenant is now associated with the Blue10 environment. The associated Azure AD tenant is now visible in Blue10 at Settings > Authentication Management > Authentication Providers.
- Choose Grant Admin Consent below Authentication providers in Blue10.
- A page from Microsoft opens with an overview of the rights to be granted and the request to grant permission to Blue10 to access the associated Azure AD tenant. Confirm that Blue10 will have access to the Azure AD tenant and grant the requested permissions.
The next step is to associate the users in Blue10 with a user in the Azure AD tenant:
- Below Authentication providers, check the associated Azure AD tenant.
Note: From this moment on it is no longer possible to log in to Blue10 using other login methods.
- At the Azure AD tenant, below Authentication providers in Blue10, choose Connect users. It will verify whether all users in Blue10 can be linked to a user in the Azure tenant.
- Verify that all users all associated with a user in the Azure AD tenant by checking Settings > Authentication Management > Users in Blue10. A green check mark is then displayed after the user’s name below the name of the associated Azure AD tenant.
- Is there a red cross after a user’s name instead of a green check mark? Then check whether the condition in step 2 is being met.
It is possible to connect multiple Azure AD tenants to the Blue10 environment. If a user has a red cross below one Azure AD tenant, but a green check mark below another, this user can still successfully log in as long as the Azure AD tenant is allowed under Settings > Authentication Management > Authentication Providers.
