SSO With Microsoft Entra ID
Overview
Blindata seamlessly integrates with Microsoft Entra ID, formerly known as Azure Active Directory, for user sign-in within your SaaS deployment. This out-of-the-box functionality leverages OpenID Connect (OIDC) with PKCE (Proof Key for Code Exchange) to ensure secure authentication.
For organizations running on Microsoft, Blindata with Microsoft Entra sign-in offers the fastest and most secure access experience.
- Simplified User Experience: Users can access Blindata directly using their existing Entra ID credentials, eliminating the need for separate logins and password management.
- Enhanced Security: Entra ID enforces robust security measures, including multi-factor authentication (MFA), to protect user identities according to your organization’s policies.
- Centralized Identity Management: Organizations can manage user access and permissions from a single point within Entra ID, streamlining administration.
Technical Details
- Multi-Tenant Application: Blindata is registered as a multi-tenant application within Entra ID. For more details on single-tenant and multi-tenant application concepts in Entra ID, you can refer to Microsoft’s documentation: https://learn.microsoft.com/en-us/entra/identity-platform/single-and-multi-tenant-apps
- OIDC and PKCE: Blindata utilizes the OpenID Connect (OIDC) protocol with PKCE (Proof Key for Code Exchange) to securely communicate with Entra ID. OIDC provides a standardized method for user authentication, while PKCE adds an extra layer of security during the authorization code exchange.
- Microsoft Authentication Library (MSAL): Blindata employs the Microsoft Authentication Library (MSAL) to interact with Entra ID. MSAL simplifies the process of acquiring security tokens from Entra ID, enabling user authentication and access to Blindata’s platform.
Important Considerations
- Entra ID Configuration: Many organizations have disabled or limited users’ permission to grant consent to apps. In that case, your organization’s Entra ID administrator might have restricted access to external applications. If you encounter sign-in issues, contact your Entra ID administrator and request permission for the Blindata application.
Additional Resources
Refer to Microsoft documentation to troubleshoot login problems:
- Troubleshooting unexpected user consent prompt: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/application-sign-in-unexpected-user-consent-prompt
- Application model for multitenant application: https://learn.microsoft.com/en-us/entra/identity-platform/application-model#multi-tenant-apps
- Application objects and service principals: https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser
- Application consent experience: https://learn.microsoft.com/en-us/entra/identity-platform/application-consent-experience
Note
The configurations outlined in this guide are also applicable to Blindata on-premise and dedicated deployments with custom configurations. Contact your sales representative for the technical guides on how to configure your on-premise or dedicated instance.