Sublime SSO mit Entra ID

So that administrators can sign in to Sublime with single sign-on via Entra ID, an "App registration" is required in your Microsoft tenant. The necessary steps are described below:

  1. Log into the Sublime Platform
  2. Go to Admin > Account
  3. Under Authentication, click the button next to Open ID Connect
  4. Note the Redirect URI, as you'll use it to set up an application in Azure

To create the application in Azure, follow the steps below.

  1. Sign into portal.azure.com
  2. Click App Registrations
  3. Click New Registration
  4. Give your application a name, such as "Sublime Platform"
  5. Under Supported account types select Accounts in this organizational directory only if it's not already selected by default
  6. Click Register (skip the Redirect URI section)
  7. In the Overview section of the application's settings, note the Application (client) ID and the Directory (tenant) ID. You'll use these IDs later.
  8. Go to the Authentication settings page
  9. Click Add a platform
  10. In the panel that opens, click Web
  11. Under Redirect URIs, paste the Redirect URI from Sublime
  12. Under Implicit grant and hybrid flows, check ID tokens
  13. Click Configure
  14. Go to the Certificates & secrets settings page
  15. Click New client secret
  16. Give the client secret a name like "Sublime SSO" and select an expiration of "24 months"
  17. Click Add
  18. Note the value of the new client secret

Now that you've configured your Azure application, you'll use the following values in the next section of this guide:

  • Your issuer URL is https://login.microsoftonline.com/TENANT_ID/v2.0, with TENANT_ID being the Directory (tenant) ID you noted earlier
  • Your client ID is the Application (client) ID you noted earlier
  • Your client secret is the client secret you just created
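The same app registration, created with the Microsoft Graph PowerShell SDK instead of the portal, as an added example that is not part of the original article; the redirect URI is a placeholder for the value copied from Sublime, and the Microsoft.Graph.Applications module and the Application.ReadWrite.All consent scope are assumptions.

```powershell
# Added example (not from the original article): the portal steps above, automated
# with the Microsoft Graph PowerShell SDK. Assumes Microsoft.Graph.Applications is
# installed and the signed-in user may consent to Application.ReadWrite.All.

# Placeholder: the Redirect URI shown in Sublime under Admin > Account > Open ID Connect
$redirectUri = "https://SUBLIME_REDIRECT_URI_PLACEHOLDER"

Connect-MgGraph -Scopes "Application.ReadWrite.All" -NoWelcome

# Steps 4-6 and 9-13: name, single-tenant audience ("Accounts in this organizational
# directory only"), Web platform with the Sublime redirect URI and ID tokens enabled.
$app = New-MgApplication -DisplayName "Sublime Platform" `
    -SignInAudience "AzureADMyOrg" `
    -Web @{
        RedirectUris          = @($redirectUri)
        ImplicitGrantSettings = @{
            EnableIdTokenIssuance     = $true   # "ID tokens" checkbox
            EnableAccessTokenIssuance = $false  # not needed for OIDC login
        }
    }

# Steps 14-18: client secret named "Sublime SSO" with a 24-month expiry.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "Sublime SSO"
    EndDateTime = (Get-Date).ToUniversalTime().AddMonths(24)
}

# Directory (tenant) ID of the tenant we are connected to.
$tenantId = (Get-MgContext).TenantId

# The three values Sublime asks for; SecretText is only returned once, so store it
# in a secrets manager and track SecretExpiry for rotation.
[pscustomobject]@{
    IssuerUrl    = "https://login.microsoftonline.com/$tenantId/v2.0"
    ClientId     = $app.AppId        # Application (client) ID, not the object ID
    ClientSecret = $secret.SecretText
    SecretExpiry = $secret.EndDateTime
}
```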

Enforcing single sign-on

We strongly recommend that you enforce single sign-on so that logging in with a username and password is no longer possible:

Under "Account", change the "Allowed methods" setting in the "Authentication" field to the following configuration:

A login to Sublime must then be made via the OIDC link that is shown to you in the configuration settings of "Open ID Connect":