How to: Integrate with Microsoft Azure Active Directory (AD)
Log into Microsoft Azure and open Default Directory.
- In the "+Add" menu, click "App registration."
Register Hellotracks application
- Enter the information as it is presented in the screenshot below:
- Name: e.g. Hellotracks
- Redirect URL: Choose "Web" and set https://auth.hellotracks.com/v1/callback.
- Click "Register."
Create a new Client Secret
- After creating the Application, enter “Add a certificate or Secret” or in "Certificates & secrets", click "+ New client secret."
- Click "Add."
Keep a copy of your secret Value (not Secret ID).
Assign Users and Groups to the Hellotracks App
- Only users that are assigned to the app have access to Hellotracks via SSO.
- You can assign users to the app e.g. by clicking the link below "Managed application in local directory" in the app overview page.
Configure the app within Hellotracks
- Choose "API & Integrations" in the main menu.
- In the Single Sign-On section, click "Setup SSO configuration."
- Select "Azure AD" as the Identity Provider.
Enter Tenant ID and Client ID which can be retrieved from the application overview page in Azure AD.
Enter Client Secret in Hellotracks which you already copied before. Make sure it's the Value.
All done.
Now users are ready to use Azure AD for SSO in Hellotracks. ✅
For users to log in via SSO:
WEB
- Go to https://live.hellotracks.com/login and click the Single Sign-On button on the bottom (this will navigate users to the SSO page).
- Enter either an existing Hellotracks username or the company code for users that do not yet exist in Hellotracks.
MOBILE
- Click "Log in."
- Click "Single Sign on."
- Enter either an existing Hellotracks username or the company code for users that do not yet exist in Hellotracks.
After a successful SSO log in of a user that doest not yet exist in Hellotracks, the user will automatically be created and the worker role will be assigned.
To get into the SSO login page of your identity provider, you can either use an existing username in Hellotracks or set the code seen in the SSO configuration section as the username to get forwarded to the SSO login page of your identity provider.