Setup Single Sign-On (SSO) access with Microsoft Azure

This article explains step-by-step the necessary steps to set up Single Sign-on (SSO) with Microsoft authentication services.

Before setting up SSO, please get in touch with the babelforce Success Team. We will provide you with the redirect URL you need to add to the App you are registering.

Setting up SSO in Microsoft

• Go to https://portal.azure.com/#home and click on Azure Active Directory. If you don't see this option on the first page, click on "More Services".

• From the sidebar of the active directory select "App registrations" and create a new app by clicking on "New registration"

• Fill in the details to register the application and confirm with "Register"
  • The redirect URI will be added in the next step as it will be provided by babelforce as soon as you filled in all credentials

• Make sure to save the Application ID and Client Secret 
• We will go back to this section once everything is setup

• Next, go to Certificates & secretes to generate the client secrete. Decide on the expiration time.
• Be aware: you must copy the secrete value right away - after you left the page, the secret value will not be visible anymore. Just pass it to any text processor for later use.

View of Client secret once you left the page:

• Under "Token configuration" click on "Add optional claim"
  • select ID
  • from the list, chose email
  • on saving, allow the permission change 

•  To complete the setup, go to "Manifest"
• in line 4, change the "null" to 2. It should look like this: 
  "accessTokenAcceptedVersion": 2,

 babelforce setup

• Now that everything is setup, find the SSO settings in the babelforce manager:

Global Settings > SSO identity provider 

• • You will only be able to access the settings if you have manager rights
• Before we can start filling out the details, make sure to have your Microsoft azure settings open in another tab
• Go back there, click on overview and "Endpoints". This will give you all the details you need to complete the SSO setup
  • if you left the App, go back there via Active Directory > App registration and enter the App you created in the beginning

• To fill out the form, you need a few details. Below you see the mapping in babelforce. Everything that is filled in black is static and can be found as copy paste text below the image. Everything in turquoise needs to be copied from Azure.
  • You need to copy the orange boxed ids in the screenshot above and match them to the screenshot below

Copy paste values for babelforce:

• Site: https://login.microsoftonline.com
• Principle Claim: email

Once you filled out these required details, press on the little + next to redirect URI and you will be presented with the redirect URIs. 

To complete the setup, stay on the same page in your Azure app and add two redirect URIs, one for manager2 and the other for babelConnect2

• Click on "Add a redirect URI"

• In the window that opens select "Add a platform" and then select "Web"
• Copy past the URIs for manager2 and after that from babelconnect2

• Once you setup both redirect URIs, you will see both URIs

Testing your setup

You have now successfully setup SSO. The last remaining step is to test your setup. First, create a new user with management or any other type of rights in Global settings > User management. Ensure the user has an email address that matches your Azure Active Directory user account.

For the login, you will need your company's name as saved in babelforce. You find it here:

apps.{yourbabelforcenamespace}.babelforce.com/manager/manager/account/overview

• Copy paste the exact name of the company

•  Go to the babelforce manager login screen
• Paste your company's name and follow the login procedure

If you encounter any problems, please get in touch with your babelforce team by contacting success@babelforce.com.