Set up Azure Active Directory with single sign-on

Learn how to set up Azure Active Directory as an authentication source for users who log in to WhosOnLocation. You need the Account Owner or IT Support user role to set this up.

How it works

You can use Microsoft Azure Active Directory (AD) with SAML-based single sign-on (SSO) as an authentication source for your users to log in to WhosOnLocation. With SAML single sign-on, Azure AD authenticates to the application with the user's Azure or Microsoft 365 account.

Set up Azure AD SSO

WhosOnLocation is listed in the Azure AD App Gallery.  To set up SSO with Azure, you can install the WhosOnLocation app to your Active Directory instance through the Azure Portal.

For a complete tutorial on how to set this up, refer to the Microsoft documentation.

Before you start

Before starting in Azure AD, make sure you record the following details from your WhosOnLocation account:  

  1. Go to Tools > Account.
  2. Select Employee Access from the left-side menu.
  3. Next Single sign-on with SAML, select Yes.
  4. Under Our SAML Parameters, make a note of:
  • Your 6-digit ID number (highlighted below)
  • The Audience (entityId) URL – you'll use this in the Identifier (Entity ID) field in Azure.
  • The Consumer URL (ACS) – you'll use this in the Reply URL field in Azure.


Follow Microsoft's instructions to set up SSO with Azure. 

Enter the SAML settings in WhosOnLocation

Once you've configured the settings in Azure, you'll need to add following settings in WhosOnLocation:

  1. Go to Tools > Account.
  2. Select Employee Access from the left-side menu.
  3. Under SAML Configuration, in the Issuer URL field, paste the Azure AD Identifier from the Azure portal.
  4. In the SSO Endpoint field, paste the Login URL from the Azure portal.
  5. Open the downloaded certificate from the Azure portal and paste the content into the Certificate field.
  6. Click Save SAML Configuration.