SSO Fix for Azure AD Environments

PLEASE NOTE: This article only applies to existing 6clicks Azure AD SSO integrations configured prior to May 10th, 2023.

Customers who configured SSO using Azure AD according to the instructions provided prior to 10 May 2023 will have a multi-tenant Azure AD application and a multi-tenant Issuer URL. We have since released updates to our Azure AD SSO integration to enable a more secure single-tenant configuration. We highly recommend organizations make this change from a security perspective.

A multi-tenant configuration can be identified by the following:

  1. A 'Supported Account Types' value of 'Accounts in any organizational directory (Any Azure AD directory - Multitenant)' in the Azure AD application

  2. In the 6clicks SSO configuration screen, the value for “Issuer URL” will be the global/multi-tenant Azure AD issuer URL https://login.microsoftonline.com/common/v2.0



To successfully change the Azure AD application to be a single tenant application, do the following at the same time:

  1. Change the 'Supported Account Types' value in the Azure AD application to 'Accounts in this organizational directory only (XXXXX only - Single tenant)'

  2. After performing step 1, in the 6clicks SSO configuration screen, change the “Issuer URL” value to the value of the Azure AD application’s ‘OpenID Connect metadata document’ endpoint, but without the “/.well-known/openid-configuration” at the end.
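The following is an added example, not 6clicks or Microsoft code: a small Python check that derives the Issuer URL from the metadata document URL as described in step 2 and flags a value that still points at a multi-tenant endpoint. The all-zero tenant ID is a constructed placeholder, and treating '/organizations/' and '/consumers/' as shared endpoints alongside the '/common/' value named on this page is an assumption of the example.

```python
from __future__ import annotations
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Path segments that accept sign-ins from more than one directory.
# "common" is the value named in this article; the other two are assumed here.
SHARED_ENDPOINTS = {"common", "organizations", "consumers"}

# Constructed sample: placeholder tenant ID, not a real directory.
SAMPLE_METADATA_URL = (
    "https://login.microsoftonline.com/"
    "00000000-0000-0000-0000-000000000000/v2.0" + SUFFIX
)


def issuer_from_metadata_url(metadata_url: str) -> str:
    """Return the metadata document URL with the discovery suffix removed."""
    url = metadata_url.strip()
    if not url.endswith(SUFFIX):
        raise ValueError("not an OpenID Connect metadata document URL")
    return url[: -len(SUFFIX)]


def check_issuer(issuer_url: str) -> list[str]:
    """Return a list of problems; an empty list means single-tenant form."""
    problems = []
    parts = urlsplit(issuer_url.strip())
    if parts.scheme != "https":
        problems.append("issuer must use https")
    if parts.path.rstrip("/").endswith(SUFFIX):
        problems.append("discovery suffix was not removed")
    segments = [s for s in parts.path.split("/") if s]
    tenant = segments[0].lower() if segments else ""
    if not tenant:
        problems.append("no tenant segment in path")
    elif tenant in SHARED_ENDPOINTS:
        problems.append(f"'/{tenant}/' is a multi-tenant endpoint")
    return problems


if __name__ == "__main__":
    issuer = issuer_from_metadata_url(SAMPLE_METADATA_URL)
    print(issuer, check_issuer(issuer) or "OK")
    old = "https://login.microsoftonline.com/common/v2.0"
    print(old, check_issuer(old))
```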


Note: If you are still experiencing issues with your configuration, please Submit a Support Ticket.