Single Sign-On (SSO) in Breeze
1.) Ensure that on the Active Directory side you have correctly created the SAML Single sign-on application. If you have not created one or need to verify the process the steps are below in the Azure Portal (https://portal.azure.com) ensure you are logged in as the Global Admin account for your organization. This is generally required to create enterprise applications and also assign users to the application.
2.) Navigate to "Enterprise applications" (use the search if you don't see it on the home screen)
3.) Select
New Application then select "Non-gallery application" as this will be
a custom setup.
4.) Select
Create your own application
5.) Give
the application a name, such as "BreezeSAML" or something that is more descriptive for your organization. Once the app is created, you'll be
taken to the Overview page. You can find this menu in the future by
selecting "Enterprise applications" then searching for and selecting "BreezeSAML" .
6.) On the left of the
application page, you'll find your navigation pane. Select "Single
sign-on" below the "Manage" group header.
7.) If
you haven't already set-up Single sign-on, you'll be prompted to select a method.
Select SAML.
8.) Now that this is complete, navigate to your Breeze Server to complete the Breeze SSO Identity Providers set-up to
get its Metadata XML file. (This file contains all the URLs the application
needs to configure SAML with Breeze). Be sure to keep your Azure window open, as we have additional information to gather to place into Breeze. To
add a SAML IdP for Azure Active Directory click the plus icon in the top right corner. Then, fill in the
required information found on the SSO entry page, as follows:
8a.) Name: The name for the IdP which
will display on the Login page. This can be an organization name, or anything that users know to click it for use. For example,
"University" will be displayed as "Login with
University". This name is also used for the folder in the Users tree
that new accounts will be added to.
8b.) Entity ID: The Entity ID is the name of the SP used on the IdP. For convenience the Entity ID is generated automatically.
9.) Now, copy the IdP URL, SIgn-On Service URL & Logout Service URL from section 4 on the Microsoft Azure Set up Single Sign-On with SAML page.
Copy the Login URL to the Sign-On Service URL: The URL for the IdP sign-on service.
Copy the Azure AD Identifier/Microsoft Entra Identifier to the IdP URL: The IdP is a URL to the Entity ID on the IdP.
Copy the Logout URL to the Logout Service URL: The URL for the IdP logout service.
Microsoft Azure recently changed the label from Azure AD Identifier to Microsoft Entra Identifier:
10.) Change the IdP Encryption to Base64 (IdP Certificate Input Format) and SP Encryption to No Service Provider Certificate.
11.) Press the button and then download the Metadata XML file from here:
12.) Upload the metadata file to your Azure SAML Single Sign-On and press Save after the XML has been uploaded.
Before downloading the certificate in the next step, please ensure that you make all of the Azure setting changes. If changes are made after, you will need to download the certificate again and save it into Breeze.
13.) The Download option will now be available:
14.) Open the .cer file with Notepad copy everything and paste into the Identity Provider Certificate section under the SSO Identity Providers section in Breeze.
15.) Finally, press the Update button to save final changes.
Once you have added users you can test the login by logging out of Breeze and clicking the new login button on the right. You'll be redirected to Microsoft to login then taken back to Breeze.
** Note: Users created have no permissions. You must logout and login with a Breeze admin account and then on the Users page to set permissions for the new user. **
Related Articles
Breeze & BrightSign
Enjoy the ease and efficiency of Breeze content management and deployment on BrightSign's hardware, long known for its superior reliability in the digital signage world. New BrightSign players can be loaded with the Breeze Player software at our ...
Breeze & Power BI
Breeze can be integrated with Power BI to display a dynamically updating Microsoft Power BI report. Power BI provides businesses a way to illustrate and share data online using a unified, scalable platform. A "common workflow" in Power BI consists ...
Getting Started with Breeze
What is Breeze? Breeze is a digital signage cloud based SAAS software, which means that it is a software implemented as a service within our network centric, secure cloud. For you, this means you can easily access the software- and your signage ...
Canva and Breeze Integration
Getting started with Canva integration in Breeze is, just that, a breeze! Here’s a quick guide: Log in to Canva: Login to your Canva account, or create one. They offer a free plan that allows most features to be used, and paid plans for full ...
Breeze Digital Signage + Amadeus Delphi Integration
Breeze Digital Signage Software integrates seamlessly with Amadeus Delphi, a Hotel/Hospitality event management software solution. Learn more about that integration via the attached file.