This article describes how SIGNL4 can be generally authorized as an enterprise app for Azure AD users (Marketplace Link). This is important if you want to implement the use of SIGNL4 in your company with existing user accounts from the Azure AD.

Initial situation

Using SIGNL4 through existing user accounts (“single sign on”) in your Azure AD (AAD) has many advantages in terms of control and security. One example would be the ability to use any Multi-Factor-Authentication (MFA) with SIGNL4, that you have in place in AAD. However, in order for your users to log in to SIGNL4 with their existing Azure AD account, the SIGNL4 app in your Azure AD must first be authorized in most cases. Otherwise, it may not access a user’s data in Azure AD. This is only not the case, if you have set Azure AD to allow your users to grant consent themselves, when apps attempt to access their data in Azure AD. This setup is shown in the screenshot below.

In the corporate sector, however, this setup as described above is rather unusual and the app registrations are deactivated for the users. In this case, an administrator must first authorize the desired app. Otherwise, users will see this message when attempting to log in to an app that was not authorized as enterprise app.

Activate SIGNL4 as an authorized enterprise application

So if users cannot generally authorize apps themselves by logging in to them for the first time, follow the steps below to activate SIGNL4 as an authorized enterprise application in the Azure AD:

1. In the Azure Portal, click on “Azure Active Directory” and then on “Enterprise Applications” in the menu below. Then click on the “New Application” button
   
2. On the following page, simply enter SIGNL4 in the catalogue search box, then click on the search result and then on “Add” (the button is not activated in the screenshot, as the app has already been added once).
   
3. After the app is added, it appears in the list of enterprise applications. Now click on the app to open its configuration details.
4. Now click on “Permissions” in the left menu. On this page you can define which users can add the app for themselves (self-service). However, you can also authorize the app for all users directly as administrator. We recommend to authorize that the app can access the data of all users in your Azure AD in order to sign them in. To do this as an administrator, click on the “Grant admin consent” button and follow the instructions on the screen.
   

The SIGNL4 app has now been added to your Azure Active Directory and you, the administrator, have given consent that this app can a access a user’s data when signing him or her in.

Your Azure AD users can now securely sign in to SIGNL4 with their Azure AD account and do not need to grant any further consent themselves. Only authentication using a second factor (MFA) would be part of their logon experience, if enrolled with your AAD tenant.