SSO: Configuring Microsoft Azure for use with InVision V7

Getting set up to use Microsoft's Azure Active Directory SSO with InVision V7 involves three primary tasks:

1. Adding InVision as a new application in Azure
2. Configuring the InVision application in Azure
3. Configuring Azure in InVision V7

This document walks you through the process.

Adding InVision as a new application in Azure

To add the InVision app in Azure:

1. Sign in to Azure as an admin.
2. In the left-hand navigation, click Azure Active Directory.
3. Navigate to Enterprise Applications, click All Applications, and click New application.
4. In the Add from the gallery search box, enter "InVision."
5. In the search results, click InVision and finishing adding the app.

Configuring the InVision app in Azure

To configure and enable the InVision app in Azure:

1. Open the InVision app and, in the Manage section, click single sign-on.
2. On the Select a single sign-on method page, click SAML.
3. To the right of Basic SAML Configuration on the Set up single sign-on with SAML page, click the pen icon and edit the settings.
   For detailed instructions on editing these SAML configuration settings in Azure, check out the "Configure Azure AD SSO" section of Microsoft's related Help article.
4. In the SAML Signing Certificate section of the the Set up single sign-on with SAML page, next to Certificate (Base64), click Download and save the certificate to your desktop (or wherever you can easily find it later).
5. In the Set up InVision section, copy the URLs next to each of these labels:
   
   • Login URL
   • Azure AD Identifier
   • Logout URL

Once you've completed the steps above in Azure, you're ready to open your Enterprise team settings in InVision V7, where you'll add the details you saved in steps 4 and 5 above.

Configuring Azure in InVision

With InVision V7, you can configure Azure directly from your team settings.

To configure Azure:

1. Sign in to your InVision Enterprise here: your-team-name.invisionapp.com
2. In the lower-left corner, click the [Your Team Name] dropdown, and then click People & Team settings.
   
   The Team page will open with the People tab active.
3. Click the Settings tab, and then click Single sign-on.
4. Toggle on Require SSO for every member of [your Enterprise team].
5. With the information provided in Azure’s Identity Provider metadata file and/or the Azure admin portal, complete the fields on the SSO settings page:
   • Name: Set any name you want for the configuration.
   • Sign-in URL: Enter the Login URL you saved in step 5 of the "Configuring the InVision app in Azure" instructions above.
   • Sign-out URL: Enter the Logout URL you saved in step 5 of the "Configuring the InVision app in Azure" instructions above.
   • SAML Certification: Enter the certification provided in the ds:X509Certificate attribute of the metadata file.
   • Name ID Format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
   • HASH Algorithm: SHA-256
   • SSO Button Label: Set any text you’d like for the SSO button that appears when signing in.
6. Click Update.
   

   

Now when any user attempts to sign in to your InVision V7 subdomain, they will be prompted to use SSO with Azure.