SSO with Azure Active Directory



This article introduces Kintone's integration with Azure Active Directory (Azure AD) - a cloud service for identity and access management.

What is Azure Active Directory?

Azure AD is a cloud service for identity and access management that enables secure access to various applications and Microsoft products.
Customers who want to use both Office 365 and Kintone can do so by utilizing the functions of Azure AD. Azure AD not only offers high affinity with Microsoft products, but also has the following advantages:

  • Unified management of cloud authentication servers for on-premises and cloud services
  • No requirement for operations of the authentication server
  • Collaboration with other services on the Microsoft Azure Marketplace

Synchronize Azure AD and log in to Kintone

Use Azure AD as the identity provider to log into Kintone. By doing so, it is possible to combine the single sign-on (SSO) environment with other services such as Google Workspace, Salesforce, Office 365 and multi-factor authentication (2 factor authentication). Details of the SAML authentication on Kintone can be found on the Setting Up Single Sign-On (SSO) with SAML (External link) page of the Kintone Help site.

Configure federation with Azure AD

Select Kintone from Azure's Application Directory and set Kintone's address in the settings. On Kintone's administration screen, enable the SAML settings and enter the information related to the sign-in page of Azure AD. Details of the setting procedure can be found on the Tutorial: Azure Active Directory integration with Kintone (External link) page of the Microsoft Azure website.

Test the SSO

After completing the settings, close all browsers and try accessing Kintone through the browser. The login screen of Azure AD should be displayed instead of Kintone's login screen.
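The same test can be made on the redirect itself rather than by eye. The following is an added example, not code from Kintone or Microsoft: it decodes the SAMLRequest in the redirect URL and checks where it points and who issued it. It assumes Kintone sends its request with the SAML HTTP-Redirect binding; the function names, the entity ID `https://example-subdomain.kintone.com` and the all-zero tenant ID are placeholders, and the sample redirect is constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def check_sso_redirect(location, idp_host, sp_issuer):
    """Return a list of problems; an empty list means the redirect is as expected."""
    url = urlsplit(location)
    problems = []
    if url.scheme != "https":
        problems.append("redirect is not HTTPS")
    if url.hostname != idp_host:
        problems.append(f"redirect goes to {url.hostname}, not {idp_host}")
    values = parse_qs(url.query).get("SAMLRequest")
    if not values:
        return problems + ["no SAMLRequest parameter (local login page?)"]
    try:
        xml = zlib.decompress(base64.b64decode(values[0]), -15)  # raw DEFLATE
        if b"<!DOCTYPE" in xml:
            raise ValueError("DTD present")  # never expand entities from the wire
        req = ET.fromstring(xml)
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return problems + [f"SAMLRequest does not decode: {exc}"]
    if req.tag != SAMLP + "AuthnRequest":
        problems.append(f"unexpected message type {req.tag}")
    if req.findtext(SAML + "Issuer", "").strip() != sp_issuer:
        problems.append("Issuer is not the expected Kintone entity ID")
    dest = req.get("Destination")
    if dest and urlsplit(dest).hostname != idp_host:
        problems.append("Destination attribute names a different IdP host")
    return problems

def sample_redirect(idp_host, sp_issuer):
    """Constructed sample of the Location header an SP would send (placeholders)."""
    sso = f"https://{idp_host}/00000000-0000-0000-0000-000000000000/saml2"
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP[1:-1]}" xmlns:saml="{SAML[1:-1]}" '
           f'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           f'Destination="{sso}"><saml:Issuer>{sp_issuer}</saml:Issuer>'
           f'</samlp:AuthnRequest>').encode()
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(c.compress(xml) + c.flush()).decode()
    return sso + "?" + urlencode({"SAMLRequest": packed})

IDP = "login.microsoftonline.com"          # Azure AD sign-in host
SP = "https://example-subdomain.kintone.com"  # assumed entity ID, placeholder
if __name__ == "__main__":
    print(check_sso_redirect(sample_redirect(IDP, SP), IDP, SP))
```

To run it against a real tenant, pass the Location header returned for an unauthenticated request to the Kintone URL, together with the entity ID configured in Azure AD.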

Synchronize On-premises Active Directory and Log in to Kintone

If the configuration above is also federated with an on-premises AD (running on a Windows Server inside your company), users can log in to Kintone with the domain account (Windows login account) they use inside the company. Single sign-on with other applications such as Google Workspace is also possible.

Configure Azure AD and AD (Windows Server environment) federation

Building on the settings above, the AD on the Windows Server can be federated with the Azure AD directory that is already federated with Kintone. To perform a federation, first set up the Active Directory Federation Services (AD FS) and the Web Application Proxy. When the setup is complete, use Windows PowerShell (command utility) to set up a trust relationship between Azure AD and AD FS (the two sides exchange metadata, including certificates). Finally, synchronize the Azure AD information with the Active Directory information (such as users) available inside the company.
Details on how to integrate on-premises directories with Azure Active Directory can be found on the What is federation with Azure AD? (External link) page of the Microsoft Azure website.

Test the SSO

After completing the settings, close all browsers and try accessing Kintone. A login screen (shown below) of AD FS exclusive for the company will be displayed. Logging into this page will also log the user into Kintone. Users who log into the Windows environment (domain) of the company and use Microsoft Edge will not see the login screen, and single sign-on (SSO) will be performed.