To allow users in your organization's Azure AD to sign up - and sign in - to Gluu with ease you need to do the following:
Tip! If you're creating a new account then you can sign up with Microsoft (click the button here). This will add your organization's Azure 'tenant ID' automatically. Note that it is only possible if your company's security policy allows you to add new applications (typically you need to be an AD Admin user)
Step 1: Approve Gluu as an app in your Azure AD
- Log in to your Azure portal (as administrator).
- Approve Gluu as an app.
- Log in to Gluu (as Account Owner) and go to 'Account and users'. Click the widget 'Authentication' inside Gluu (see the image below)
NOTE! It's important that the Gluu Account Owner and the AD administrator is the same (email.)
- Add your Azure AD Tenant ID. Then add the groups that you allowed to access Gluu:
Want to limit access to members of specific AD groups?
This is useful if you're part of a large organisation but only a smaller group of users will use Gluu - or if you want to run multiple Gluu accounts and give different groups access to each.
As a default Gluu will allow any member of a tenant ID to sign up and sign in. If you add a group then users trying to sign up will only be allowed access if they 1) use an email that is in your organization's Azure AD and 2) are a member of one of the allowed groups.
To add groups you just need to...
- Add each group's 'Object ID' (found in your Azure AD Portal settings) to the second field below.
Now users that are in your Azure AD can easily sign up and sign in to your organisation's Gluu account.
Step 2: Your users can sign in to Gluu
When you're ready to deploy then send the users that you want to invite an email with a link to https://secure.gluu.biz/#/login - ask people to click the button with the Microsoft logo:
Each user will then be authenticated against your Azure AD (and any specific groups that you added). If the user's email matches and the user is in the group, then he/she will enter Gluu and the user will automatically created in your Gluu account.
From now on, he/she can enter Gluu by clicking the Microsoft button. Users don't have to create any separate passwords.
Adding roles and rights
Roles and rights have to be added to the user after he or she has accessed and been set up. See this article on managing rights.
How to revoke access
This access will be granted until the user is removed from your Azure AD domain and/or the groups that you have allowed to access. So, if you want to stop a user from accessing Gluu, then he/she should be removed from your Azure AD (or the allowed groups).
Authenticating users that are already in Gluu
If a user has been added before the AD integration was setup up, then this user can also access with authentication by clicking the Microsoft sign in button.
Tip! If you want to add roles and rights to users before they sign in, then add them to Gluu manually first - without inviting them. You can then send out a common email with the link and instruction to sign in by clicking the Microsoft sign in button. Gluu can help you import larger sets of users. Just send the list to our helpdesk.
Tags: Integrations, IT Support, Technical