How to set up Microsoft Azure Active Directory Single Sign-On

With Microsoft Entra ID Single Sign-On, users can sign in to SpeechLive with their company's Microsoft account credentials, e.g. the ones they use to sign in to Windows or Office 365. The organization's IT administrator must activate the required settings first.

Note

Microsoft changed the name from Azure Active Directory to Microsoft Entra ID.

To configure Single Sign-On in Microsoft Entra ID:

  1. Go to portal.azure.com and choose Microsoft Entra ID in the list of available services.

  2. Choose Enterprise applications on the left of the screen.

  3. At the top of the screen, click New application and search for "Philips SpeechLive".

  4. Click on Philips SpeechLive and click Sign up for SpeechLive in the new window.

  5. A new window opens and shows the SpeechLive sign-in screen. Click Sign in with Microsoft.

  6. Sign in with the Microsoft Entra ID admin account of your company, or any account that has permissions to add new enterprise applications to Microsoft Entra ID.

  7. On the permission screen, activate Consent on behalf of your organization and click Accept.

    ↪ SpeechLive is now added to your Enterprise applications in Microsoft Entra ID.

    ↪ Users can now use their Microsoft account credentials to sign in to SpeechLive (see User sign in).
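
A check an administrator can run after step 7 to see which permissions the organization-wide consent actually granted to the new enterprise application. This is an added example, not part of the original documentation or vendor code; it uses the Microsoft Graph PowerShell module, and the display name 'Philips SpeechLive' and the function name Get-SsoAppConsentReport are assumptions.

```powershell
# Added example (not vendor code): read-only review of what the consent step granted.
# Requires the Microsoft.Graph PowerShell module and directory read access.
# Assumption: the enterprise application's display name is 'Philips SpeechLive'.
function Get-SsoAppConsentReport {
    param([string]$AppName = 'Philips SpeechLive')

    $apps = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
    if ($apps.Count -eq 0) { throw "No enterprise application named '$AppName' found." }

    foreach ($sp in $apps) {
        # Delegated permissions consented for this app (it is the OAuth client).
        foreach ($g in Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All) {
            $api = Get-MgServicePrincipal -ServicePrincipalId $g.ResourceId
            [pscustomobject]@{
                App                = $sp.DisplayName
                Kind               = 'Delegated'
                # AllPrincipals = consent given on behalf of the organization
                ConsentType        = $g.ConsentType
                Resource           = $api.DisplayName
                Permission         = ($g.Scope -split ' ' | Where-Object { $_ }) -join ', '
                # False = every user in the tenant may sign in to the app
                AssignmentRequired = [bool]$sp.AppRoleAssignmentRequired
            }
        }
        # Application permissions (app roles) held by the app itself, if any.
        foreach ($r in Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All) {
            [pscustomobject]@{
                App                = $sp.DisplayName
                Kind               = 'Application'
                ConsentType        = 'n/a'
                Resource           = $r.ResourceDisplayName
                # Role GUID; resolve it against the resource's AppRoles list
                Permission         = $r.AppRoleId
                AssignmentRequired = [bool]$sp.AppRoleAssignmentRequired
            }
        }
    }
}

Connect-MgGraph -Scopes 'Directory.Read.All'
Get-SsoAppConsentReport | Format-Table -AutoSize -Wrap
```

Compare the listed permissions with what the consent screen showed, and keep the output with your change record so later permission changes are easy to spot.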

Troubleshooting

  • After you have completed all the steps above, all your Microsoft Entra ID users can sign in to SpeechLive with their Microsoft account. However, users will see an error screen if they don’t have an active SpeechLive workflow user:

    [Screenshot: error screen]

    The email address of the user in Microsoft Entra ID Single Sign-On must match the one used for the SpeechLive workflow user. Otherwise, users will also see the error screen.

  • Single Sign-On only works for active workflow users or if the user was added via the Add user (Single Sign-On) function, see Add user for more information.

  • You may wish to change the default behavior and only allow specific users to sign in to SpeechLive with Microsoft. To change this:

  • Depending on your Microsoft Entra ID settings, your users may get the following error screen when trying to sign in to SpeechLive:

    [Screenshot: error screen]

    You can solve this issue by changing the following settings:

User sign in

Once their IT administrator has successfully set up Microsoft Entra ID Single Sign-On, SpeechLive users can sign in using their Microsoft account credentials:

  1. Navigate to the SpeechLive sign-in page.

  2. Click on Sign in with Microsoft.

  3. Sign in with your Microsoft account (e.g. Windows or Office 365) and continue to SpeechLive.

    Note
    • You can only sign in with your Microsoft account after your IT administrator has added SpeechLive in Microsoft Entra ID (see How to set up Microsoft Azure Active Directory Single Sign-On).

    • The security settings of your Microsoft account (e.g. multi-factor authentication) also apply when you sign in to SpeechLive with your Microsoft account credentials.