This guide will walk you through setting up single sign-on access for Drip7 with any client using Azure Active Directory.

The overall process is quite easy, and gives users in the organization authentication with the same credentials.

 

Register Drip7 as an application in Active Directory. (Requires network admin permissions with the organization)

Open the Azure Portal, and navigate to your Active Directory, then click on Enterprise Applications.

**Note, later you'll want the Tenant ID, so copying it now isn’t a bad idea.

 

 

Next, click on New Application.

 

 

Create your own application. A pane will slide in from the left. Put Drip7 as the name of the application, and register it to integrate with Azure AD.

 

 

You’ll now get a form to fill out some details about the application. You can decide on supported account types based on your situation.

For the Redirect URI, choose “Single-page application (SPA)”, and for the redirect, use the domain given to you by Drip7, followed by “.drip7.com”.

 

 

Next, we need to set up API permissions to allow Drip7 to get access to groups and user emails. We use the group list so that you can sync Active Directory groups with groups in Drip7, and we use user emails to send notifications to specific users (e.g. to remind users who haven’t yet logged into Drip7 that they should resume their required training).

Go back to Active Directory home and click on Enterprise applications. You should see Drip7 listed (though you may need to refresh a couple of times). Click on that to see the Drip7 details.

 

 

Click on API Permissions. For listing groups and for user emails, we use the Microsoft Graph API. Click on Add a permission, then in the pane on the right click on Microsoft Graph. Then click on Application permissions. In the search bar for Select permissions, type “groupmember” and choose GroupMember.Read.All. 

 

 

To retrieve user emails, we’ll need Directory.Read.All. In the search bar type “directory”, and choose Directory.Read.All.

 

 

That’s it. Return to Active Directory home and click on Enterprise applications. Keep this page available, since we’ll need the Application (client) ID and the Directory (tenant) ID.

 

 

 

Configure the new tenant in Drip7

Requires admin permissions in Drip7

Open up the Tenants tab. If you are managing multiple tenants, then you’ll need to choose the tenant you’re working with from the drop down. (If you only manage one tenant, then there won’t be a dropdown.)

At the bottom of the page, click on the User/Password dropdown and choose Azure SSO.

 

 

You’ll see a button appear with “Configure Single Sign-On”. Click on that button to bring up the dialog to set up your configuration. 

 

 

Fill in the fields for this modal. You’ll get the application (client) ID and the tenant ID from the Azure portal page for the Drip7 app. For the redirect url, use the domain you were given from Drip7, followed by “.drip7.com”, just as you did when you registered the app in Azure.

 

Drip7 will sync groups from Active Directory into Drip7 groups. You can configure those with this dialog, too. At the bottom of the dialog you can select which groups in AD you want to include with Drip7 and which groups you want to ignore. When a user logs in, the groups that user belongs to in AD will be reflected in Drip7. In the example, the groups devops and Dev will both be added as groups in Drip7, and members of those groups will automatically be added to those groups in Drip7. The checkbox Automatically Sync New Groups specifies what to do with groups that aren’t already in either list. If this box is checked, then when a new group is created in AD it will automatically be added to Drip7.

 

 

That’s it! You should be able to go to https://{yoursubdomain}.drip7.com, log in with your organization credentials, and get started.