Skip to main content

SSO Setup - Azure AD / Entra ID

Overview

This document provides instructions on how to set up Single Sign-On (SSO) for Breeze using Azure Active Directory (Azure AD) / Azure Entra ID. SSO allows users to log in to Breeze using their organization's credentials.

Prerequisites

  • Breeze Tenant/Portal is created and ready.
  • Azure Entra ID SSO Setup is ready (See Azure Entra ID Setup for SSO).
  • Terms and Conditions are accepted by the customer (prices may apply).

Access Conditions

In order for your users to log in to Breeze, they first MUST be allowed to use the Azure Entra ID SSO application. This is done by assigning users to the application within Azure Entra ID.

By default, users will not automatically have access to Breeze. There are a couple of strategies to assign access to Breeze for the company users:

  • Default strategy: The user must first be created in Breeze by an admin. The user will then be able to log in to Breeze using the Azure Entra ID SSO, assuming they have been assigned to the application in Azure Entra ID and the user's email in Breeze matches the email in Azure Entra ID.
  • Automatic strategy: The user will be automatically created in Breeze the first time they log in using the Azure Entra ID SSO. This requires that the user has been assigned to the application in Azure Entra ID. For more information, see SSO User Onboarding.

Required Information

The setup in Breeze will be done by Breeze Support. The following information is required for the setup:

  • Application (client) ID: The unique identifier for your application in Azure AD.
  • Directory (tenant) ID: The unique identifier for your organization's directory in Azure AD.
  • Client secret: A secure key that your application uses to authenticate with Azure AD. This is generated in the Azure portal under your application's "Certificates & secrets" section.

Configuration Steps

Required roles

Required roles: System Administrator
To perform the following steps, you need to have the roles listed above.

danger

Make sure to have the required information ready before proceeding with the following steps.
Setting up an SSO integration will change the way your users log in to Breeze. Make sure to communicate this change to your users.

Additional steps are required to enforce the SSO login for your users.
Please refer to the Enforce SSO for all users section for more information.

The following steps are required to set up SSO for Breeze. This is done by the Breeze Team only.

  1. Gather Required Information: Make sure to have the required information ready (see Prerequisites).
  2. Navigate to the Breeze Tenant/Portal and go to the Tenant settings page.
  3. Open the Security settings tab and click on the Edit security settings button.
  4. Find the SSO Settings section and click on the Change Settings button.
  5. Enter the required information in the fields provided and hit the Save button.
  6. Login to Breeze using the Azure Entra ID SSO to test the setup. By default, the usage of the SSO is optional for the users, see Enforce SSO for all users for more information.

What's Next

Congratulations! You have successfully set up SSO for Breeze using Azure Entra ID.

To further enhance and take advantage of the Breeze SSO integration, you can explore the following features:

Enforce SSO for all Users

To level-up the security of your users and ensure the usage of the SSO integration, you can enforce Multi-Factor Authentication (MFA) for all users and require them to log in using the Azure Entra ID SSO.

SSO Route

Create a dedicated route for your users to log in to Breeze using the Azure Entra ID SSO. This route will redirect users to the Azure Entra ID login page, where they can log in using their organization's credentials.
To learn more about the SSO route, see SSO Route.

SSO User Onboarding

Automatically create new users when logging in from an SSO source if they do not already exist in Breeze. This feature streamlines the process of adding new users to Breeze and ensures that all users have access to the platform.
For more information, see SSO User Onboarding.

SSO Role Management

Simplify the assignment and management of user roles by using the SSO Role Management feature. This feature allows you to assign roles to users based on their Azure Entra ID group membership.
For more information, see SSO Role Management.