This article provides answers for InVision V7. If you're using V6 of InVision, check out this article instead. Not sure which version you're using? Find out now.
Getting set up to use Microsoft's Azure Active Directory SSO with InVision V7 involves three primary tasks:
- Add InVision as a new application in Azure
- Configure the InVision application in Azure
- Configure Azure in InVision V7
This document walks you through the process.
We recommend that these steps are completed by your IT team or an IT Manager.
Add InVision as a new application in Azure
To add the InVision app in Azure, follow these steps in this article.
Configure the InVision app in Azure
To configure and enable the InVision app in Azure:
- Open the InVision app and, in the Manage section, select single sign-on.
- On the Select a single sign-on method page, select SAML.
- To the right of Basic SAML Configuration on the Set up single sign-on with SAML page, click the pen icon and edit the settings.
For detailed instructions on editing these SAML configuration settings in Azure, check out the "Configure Azure AD SSO" section of Microsoft's related Help article. - In the SAML Signing Certificate section of the Set up single sign-on with SAML page, next to Certificate (Base64), select Download and save the certificate to your desktop (or wherever you can easily find it later).
- In the Set up InVision section, copy the URLs next to each of these labels:
- Login URL
- Azure AD Identifier
- Logout URL
Once you've completed these steps in Azure, you're ready to open your Enterprise team settings in InVision V7, where you'll add the details you saved in steps 4 and 5.
Configure Azure in InVision
To perform this action, you must be an owner or admin on the Enterprise account.
With InVision V7, you can configure Azure directly from your team settings.
To configure Azure:
- Sign in to your InVision Enterprise here:
your-team-name.invisionapp.com - In the lower-left corner, select the [Your Team Name] dropdown, and then select People & Team settings.
The Team page opens with the People tab active. - Click the Settings tab, and then select Single sign-on.
- Turn on Require SSO for every member of [your Enterprise team].
- With the information provided in Azure’s Identity Provider metadata file and/or the Azure admin portal, complete the fields on the SSO settings page:
- Name: Set any name you want for the configuration.
- Sign-in URL: Enter the Login URL you saved in step 5 of the "Configure the InVision app in Azure" section.
- Sign-out URL: Enter the Logout URL you saved in step 5 of the "Configure the InVision app in Azure" section.
- SAML Certification: Enter the certification provided in the
ds:X509Certificateattribute of the metadata file. - Name ID Format:
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - HASH Algorithm: SHA-256
- SSO Button Label: Set any text you’d like for the SSO button that appears when signing in.
- Click Update.
Now when any user attempts to sign in to your InVision V7 subdomain, they will be prompted to use SSO with Azure.
