SSO With Microsoft Entra ID

Overview

Blindata seamlessly integrates with Microsoft Entra ID, formerly known as Azure Active Directory, for user sign-in within your SaaS deployment. This out-of-the-box functionality leverages OpenID Connect (OIDC) with PKCE (Proof Key for Code Exchange) to ensure secure authentication.

For organizations running on Microsoft, Blindata with Microsoft Entra sign-in offers the fastest and most secure access experience.

  • Simplified User Experience: Users can access Blindata directly using their existing Entra ID credentials, eliminating the need for separate logins and password management.
  • Enhanced Security: Entra ID enforces robust security measures, including multi-factor authentication (MFA), to protect user identities according to your organization’s policies.
  • Centralized Identity Management: Organizations can manage user access and permissions from a single point within Entra ID, streamlining administration.

Technical Details

  • Multi-Tenant Application: Blindata is registered as a multi-tenant application within Entra ID. For more details on single-tenant and multi-tenant application concepts in Entra ID, you can refer to Microsoft’s documentation: https://learn.microsoft.com/en-us/entra/identity-platform/single-and-multi-tenant-apps
  • OIDC and PKCE: Blindata utilizes the OpenID Connect (OIDC) protocol with PKCE (Proof Key for Code Exchange) to securely communicate with Entra ID. OIDC provides a standardized method for user authentication, while PKCE adds an extra layer of security during the authorization code exchange.
  • Microsoft Authentication Library (MSAL): Blindata employs the Microsoft Authentication Library (MSAL) to interact with Entra ID. MSAL simplifies the process of acquiring security tokens from Entra ID, enabling user authentication and access to Blindata’s platform.

Important Considerations

  • Entra ID Configuration: Many organizations have disabled or limited users’ permission to grant consent to apps. In such cases, your organization’s Entra ID administrator might have restricted access to external applications. If you encounter sign-in issues, contact your Entra ID administrator and request permission for the Blindata application.

Additional Resources

Refer to Microsoft documentation to troubleshoot login problems:

Note

The configuration outlined in this guide is also applicable to Blindata on-premise and dedicated deployments with custom configurations. Contact your sales representative for the technical guides on how to configure your on-premise or dedicated instance.