Skip to main content
Azure Active Directory SSO

Enable your employees to securely and seamlessly sign in using Single Sign-On (SSO)

Chris Morris avatar
Written by Chris Morris
Updated over a month ago

This article applies to:

Admins

Premium Procurement

Estimated time: Less than 15 mins

About this article

Enable your employees to sign in to Vendr using Single Sign-On (SSO). This article covers creating a SAML integration and connecting your SSO provider to Vendr.

How it works

When you use the Azure Active Directory SSO integration employees will be prompted to log in to Vendr using single-sign-on through Google instead of magic links. SSO provides a quick and secure method of passing user authentications and authorizations between your identity provider and Vendr.

Important Note:

We do not support multi-domain access to the Vendr app. All users must have an email that matches the domain in your Vendr Instance. Contact support with questions.

Benefits

  • Increase security by centralizing user access to Vendr through your SSO provider

  • Provide a quick and seamless way for employees to log into Vendr – no magic links required.

Requirements

  • Vendr Admin

  • Azure AD Admin

NOTE

Installing the Azure SSO integration does not sync users to Vendr for assigning steps in workflows. To sync users to Vendr you'll also need to configure an Identity Provider or HRIS integration.

Overview

To allow employees to log in to Vendr using your SSO provider, you will:

Create SAML Application

  1. Sign in to the Azure Active Directory portal using your Microsoft identity platform administrator account.

  2. Select Enterprise Applications > New application.

  3. Select Create your own application. The Create your own application page appears

  4. Under What are you looking to do with your application? choose Integrate any other application you don't find in the gallery.

  5. Select Create. The application Overview page opens.

  6. Select Properties to open the properties pane for editing.

  7. Set the following options to determine how users who are assigned or unassigned to the application can sign into the application and if a user can see the application in the access panel.

  8. Enabled for users to sign-in determines whether users assigned to the application can sign in - set this to Yes

  9. User assignment required determines whether users who aren't assigned to the application can sign in - set this to No

  10. Visible to user determines whether users assigned to an app can see it in the access panel and O365 launches - set this to Yes

  11. Add the Vendr logo to help identify the application.

Configure SAML Application

  1. Select Single sign-on to begin configuration.

  2. Select SAML. The Set up Single Sign-On with SAML

  3. Select the Edit icon (a pencil) in the upper-right corner of the Basic SAML Configuration section.

  4. Enter in the Identifier (Entity ID) provided by Vendr's Configure SSO page.

  5. Enter the Reply URL provided by Vendr's Configure SSO page.

  6. Go to the SAML Signing Certificate section.

  7. Download the certificate, selecting the Federation Metadata XML format.

Enable SSO in Vendr

  1. Navigate to Vendr and select admin and then SSO

  2. Select Azure AD as the SSO Provider

  3. Upload the downloaded metadata file from the previous step to Metadata XML field

  4. Click Submit

πŸŽ‰ Congrats! Your integration is now connected.

TIP

Vendr doesn't automatically support IdP-initiated logins. Users will be prompted to log in through OneLogin when users log in directly from Vendr.

To enable users to login to Vendr directly from the OneLogin dashboard add the following URL as an application bookmark:

https://app.vendr.com/#/login?via=saml&domain=YOUR_DOMAIN

Did this answer your question?