SSO in 10 minutes with Azure AD and Frame

Bill At Frame
Speaking of the Cloud…
3 min read · Jul 26, 2017

How many passwords do your users have to remember?

How long does it take you to de-provision a user who no longer has access?

Do you enforce password rules or a password change policy?

We asked our customers these questions. We learned that many have spent time and money building authentication (login) systems for their companies or products, and they would very much like to keep using those systems when their users launch applications on Frame.

That meant we needed a fast and easy way to support Single Sign-On (SSO). With SSO, users can launch applications without having to log in to Frame separately. If the authentication system you’ve already built for your users handles user authentication for Frame too, then your IT support team can manage login questions using your existing tools and systems. Your security and compliance teams can also be confident that disabling a user’s access in your existing authentication system will disable that user’s access to any applications you’ve deployed through Frame.

Sounds great, right? Well, the integration will only take six months and we’ll need to put together a Gantt chart and review progress every morning in a stand-up meeting, and probably need to add a contract addendum too and…

If I don’t blink, the Gantt chart can’t eat me.

Just kidding!!! This is the twenty-first century.

SSO is such an important tool that industry standards have been created to make securely connecting two systems quick and easy. There are several competing standards, but Frame selected SAML2 to drive our SSO feature because it is the most widely supported standard. We can work with any identity provider (login server) that supports SAML2, and pretty much any server that supports the other standards also supports SAML2.

One of the most popular identity providers is Microsoft’s Active Directory. The easiest and most scalable way to integrate Active Directory with Frame is to use the Active Directory Connect feature of Microsoft’s Azure AD platform. This allows your IT team to create controlled access for authenticating specific users or groups using only Microsoft tools. Azure AD handles the internet-facing portion of the integration, saving your security team the trouble of creating custom firewall rules or security policies.

Once your Active Directory is connected to Azure AD, it only takes a few minutes to create a custom authentication with Frame. Contact your Frame account manager to enable this feature on any Frame Platform Ultimate account. Then just copy and paste a couple of URLs and IDs between Frame and Azure AD and you’re done.

Copy/paste a few URLs and IDs and you’re done!

Set aside around 10 minutes for the whole setup — just enough time for a good cup of tea. For more details, you can read our step-by-step instructions on our Frame Documentation page.
