Skip to main content
Matrix42 Self-Service Help Center

Single-Sign-On (SSO) Setup with Microsoft Entra ID

This section describes the configuration of single sign-on (SSO) with Microsoft Entra ID.

What is the Microsoft Entra ID? https://learn.microsoft.com/en-us/entra/fundamentals/whatis

You can integrate Microsoft Entra ID with Remote Assistance Connect and create policies based on user identity and group membership. Users authenticate to Remote Assistance Connect with their Azure AD credentials.

Set up Microsoft Entra ID as an identity provider

Obtain Azure AD settings

The following Azure AD values are required to set up the integration:

  • Application (client) ID
  • Directory (tenant) ID
  • Client secret
  • Domain name

To retrieve those values:

  1. Log in on to Azure portal. (https://portal.azure.com)
  2. Go to Azure services >Microsoft Entra ID.
  3. Select Manage > Enterprise applications.
  4. Select New application.
  5. Select Create your own application.
  6. Enter the name of your application, e.g. Remote Assistance Connect.
  7. Select the option Integrate any other application you don't find in the gallery (Non-gallery).

    CreateOwnApp.png
  8. Click on the button Create.
  9. In the overview of the created application click Set up single sign on.
  10. Select on the left side Properties.
  11. Set the properties of the created application as in the following picture. A logo file is optional.

    RAC_Properties.png
     
  12. Click on the button Save.
  13. Next Step, go to Home and select App registrations, Click All applications and select the new created application.
  14. Under Redirect URI, select the Web platform and enter the following URL: https://connect.matrix42.com/auth/login/sso/entra-id
  15. UncheckID tokens, and click Save.

    RAC_ConfigureWeb.png
  16. Disable implicit grant.
  17. Next go to Manage > Certificates & secrets and select New client secret.
  18. Enter the name of the client secret and choose an expiration period.
  19. Click on the button Add.

    After the client secret is created, copy its Value field. Store the client secret in a safe place, as it can only be viewed immediately after creation.

  20. Next step go to Overview and copy Application (client) ID and Directory (tenant) ID  and the Client Secret to the Entra ID settings configuration page of Remote Assistance Connect.

    clipboard_e40bd64d1e610fa854f4d952d78a43c34.png
  21. Enter the Domain Name and click on Save.

Configure API permissions

  1. From the App registrations page for your application, go to API permissions.
  2. Select Add a permission.
  3. Select Microsoft Graph.
  4. Select Delegated permissions and enable the following permissions:
     
    1. User.Read
    2. Group.Read.All (RA Connect can read the group IDs)
    3. offline_access

      clipboard_ebefc516ea4d5df94333c62d633e2a51e.png
  5. Once all seven permissions are enabled, select Add permissions.
  6. Select Grant admin consent.

Add authorized Groups in Azure

  1. Go to Home > Microsoft Entra ID > Groups > New group.
  2. Select Security as Group type.
  3. Enter a Group name, e.g. Remote Assistance Admins.
  4. Add Members to this group.

    RAC_Groups_Users.png
     
  5. Repeat the process and create a group with the name Remote Assistance Users.
  6. Add Members to this group.

    RAC_Groups.png

Add authorized Groups to Enterprise Applications

  1. Go to Home >Microsoft Entra ID.
  2. Select Manage > Enterprise applications.
  3. Search for the application you created before, e.g. Remote Assistance Connect and click on it.
  4. Select Assign user and groups and then select Add user/group.
  5. Select None Selected, search for the Remote and select Groups.
  6. Activate both Remote Assistance Connect groups.
  7. Confirm the dialog with Select.

    RAC_UserGroups_to_EnterpriseApp.png

Add Groups in Remote Assistance Connect

  1. Log in on to Remote Assistance Connect (https://connect.matrix42.com) with your admin credentials.
  2. In the upper right corner click the Settings icon >User management.
  3. Select Add group.
  4. Enter the name Remote Assistance Admins.
  5. Under Member of select the Administrators group.
  6. Under Entra ID copy (only necessary at first group) the Azure Remote Assistance Admins group ID.
  7. Click on Next.

    clipboard_ebb0530ab6fd271f00668d80436e10fe3.png
  8. Repeat the process and create a group with the name Remote Assistance Users.

    clipboard_ef8c4a523162a98eca5a2ee04c79373ab.png
  9. Now you are able to define the corresponding permissions for these two new groups.
    To do this, select Permissions and assign the corresponding options according to your choice.
  10. Log off from the Remote Assistance Connect.

Test the log in with single sign-on (SSO) with Microsoft Entra ID

When testing, please make sure to not use an incognito window of your browser.

  1. Open Remote Assistance Connect (https://connect.matrix42.com) and select the button Single Sign-On.
  2. Enter your Email address an click on Sign in. Follow the instructions.

Did you log in correctly? Congratulations! You've successfully set up Remote Assistance Connect with Microsoft Entra ID.

  • Was this article helpful?