Single sign-on allows you to integrate Klaxon with third-party identity providers, so users of Klaxon can log in to Klaxon using their standard email address and password.
Active Directory domain-joined computers, that are integrated with Azure Active Directory can be configured to automatically sign into Klaxon using the credentials of the person that is logged onto the computer. Please see section below on this guide for further references.
Klaxon supports the major identity providers such as Microsoft Azure Active Directory and Okta using OAUTH2 or SAML authentication protocols.
The instructions below show how to configure Klaxon with Microsoft Azure Active Directory using OAUTH2.
Complete the fields as follows:
Protocol - Please select from "Open Auth2" or "Security Assertion Markup Language2". For Azure, please select "Open Auth2". Kindly refer to your identity provider for further information on protocols supported. Various other fields will appear depending on the protocol selected. These will be completed in the steps below. Please proceed to complete the next field.
URL Path - Please enter the first part of your login URL. If Klaxon sign-on address is https://<organisation-name>.klaxon.io/#/login then enter <organisation-name> into the Url path. e.g. acme-corporation. If you are unsure, please kindly contact Klaxon support for assistance.
Assign a role to external users - Please select "Subscriber (Shared role)". Every new user that logged in via the third party authentication provider will be assigned this role. If you have created a custom role for Subscribers, please kindly select the role.
Additional domains (1 per line) - Please enter any other additional domains that your organisation uses. This allow user with alternate domain address to be able to logon to Klaxon. For example, if your email domain is @company.com and there is an alias @same-company.com, please add each of these alias as a separate line in this field.
Step 2 - Microsoft Azure Active Directory configuration
Pre-requisite: You will require administrator access to your organisation Azure Active Directory for the following configuration steps. Please kindly refer to your internal IT team if you require help.
Step 3 - Insert setting into Klaxon configuration
Step 4 - Test Single Sign-on
Login to Klaxon from a browser using the assigned URL (i.e. https://<organisation-name>.klaxon.io/) with a domain joined device. User will be able to sign-in into Klaxon with your organisation identity.
Please revisit the steps above if the user is unable to sign-in. Should you require further assistance, please kindly contact email@example.com.
To further improve the user experience and adoption of using Klaxon, we highly recommend configuring seamless Single Sign-on where users will be automatically logged on to Klaxon without entering password. Microsoft has published various detail documentation on how to configure this in your environment. Below are some of the useful links for your reference.
If your organisation has multiple authentication provider and like to allow users from different authentication provider to access the same Klaxon Subscription, please follow the instructions below.
Setting up additional Authentication Provider
Logon to Klaxon with a Site Administration role. Using left menu navigate to Configuration > Authentication and click on ADVANCED tab on the top right of the screen. Click 'Add New' button.
Click 'Add New' button and a new SSO setting form will appear. Please follow the instructions from step 1 at the beginning this document to add the additional Authentication provider.