SSO and the Condeco Device Hub
The Device Hub supports authentication via SSO (Single Sign-on) or by forms login (entering a username and password). If SSO is enabled, forms login is no longer possible.
Support for other IdPs is planned.
The following is required before enabling SSO for the Device Hub:
- An Azure AD subscription
- SSO configured in your identity provider (IdP) service.
- Azure AD client ID (see "How to find your Azure client ID and tenant ID").
- Azure AD tenant ID (see "How to find your Azure client ID and tenant ID").
- The email address of your Azure admin who can complete the SSO registration.
Multi-factor authentication: Multi-factor authentication is not supported for domains using SSO.
Process for enabling SSO for the Device Hub
When SSO is enabled, you cannot sign in using your email address and password or change your password!
Condeco will configure SSO for your tenant when the following process is complete:
- Send Condeco the following details by your agreed method:
  - Azure AD client ID.
  - Azure AD tenant ID.
  - The email address of your Azure admin (who can complete the SSO registration).
- Condeco then adds your details to the Device Hub.
- An activation email with a PIN is sent to the email address of the Azure admin you provided.
- The Azure admin follows the instructions in the activation email to complete the registration.
- Finally, Condeco configures SSO for your tenant.
Your Azure admin is now registered and can add additional administrators as required via the Device Hub. Each newly added admin receives a welcome email and can sign in to the Device Hub using SSO.
Signing in using SSO
To sign in to the Device Hub using SSO, click Sign in. You are then directed to your own IdP service to authenticate by your usual methods. When authenticated, the Device Hub is launched.
Signing out behavior
- You are automatically signed out after 60 minutes of inactivity.
- If you have multiple Device Hub sessions open on different tabs, logging out signs you out of all tabs in the same browser. A session in a different browser remains logged in.
- Logging out of the Device Hub also logs you out of your IdP service.
How to find your Azure client ID and tenant ID
- Azure tenant ID: Follow the steps in the Microsoft guide to find your Azure tenant ID – docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant
- Azure client ID: You can find your Azure client ID by starting the process to create an application registration (you do not need to complete the process). Follow steps 1 to 4 in the Microsoft guide, using the following URL in step 3