Note: To enable SSO integration, RoboForm clients (Windows, Mac, browser extension) need to be Version 9.5.7 or later.
Azure/Entra SSO
RoboForm Single Sign-On (SSO) integration allows users to be signed into RoboForm automatically without needing to use a Master Password. Instead, the user is redirected to the Entra authentication portal, where they verify their identity through Entra.
This article covers how to enable SSO integration through Entra. Additional documentation from Azure's help center may be useful as a reference point during this process and can be found here.
Integrate RoboForm with Azure/Entra
1) Sign into your Azure/Entra management console, navigate to Applications>>Enterprise Applications, and select New Application.
2) From this page select Create your own application.
3) Name the new application RoboForm, set it to "Integrate any other application you don't find in the gallery (Non-gallery)", and select Create.
Note: Do NOT delete this application once SSO registration has been completed. Doing so can result in loss of RoboForm data for your users.
4) Navigate to the Microsoft Entra ID section of the Azure management portal and select App Registrations.
5) Select the application created in step 3. From this page, copy the Application (client) ID to a local notepad for use later.
6) Open the Endpoints menu and copy the URL under "OpenID Connect metadata document" to your notepad.
7) In a new tab open the RoboForm for Business administrator console and navigate to Integrations.
8) Select Microsoft Entra ID, open the Single Sign-On tab, paste the previously copied Application ID and OIDC Metadata URL into their respective fields, and click Next.
9) Set which users will have SSO enabled:
No one - This option will complete the SSO integration but will not activate it for any users.
All Users and Groups - This option will enable SSO for all users in the company.
Selected Groups - This option will enable SSO for users in specified groups.
This setting can be changed after the setup is complete.
When ready, click Activate SSO Integration. This will open a prompt for final confirmation to complete RoboForm's integration with Entra ID.
10) Return to the Azure management portal and navigate to the Authentication section of the RoboForm application.
11) Select Add a platform.
12) In the Web Applications section select Single-page application.
13) The Redirect URI indicates the address at which Azure's authentication can reach RoboForm once the authentication has been completed. Each of the following URIs must be entered separately; each represents one of the portals a user may access RoboForm through.
http://localhost:42019/oidc-callback
http://localhost:42020/oidc-callback
http://localhost:42021/oidc-callback
https://pnlccmojcmeohlpggmfnbbiapkmbliob.chromiumapp.org/oidc-callback
https://ljfpcifpgbbchoddpjefaipoiigpdmag.chromiumapp.org/oidc-callback
https://online.roboform.com/oidc-callback
Add each of the remaining URIs using the Add URI button.
14) Enable Access tokens and ID tokens, then click Save.
15) Navigate to API Permissions.
16) Click Add a permission.
17) Select Microsoft Graph.
18) Open Delegated Permissions and under OpenId permissions enable email, openid, and profile.
19) Scroll down the permissions list to User and enable User.ReadWrite. Once each of the permissions has been enabled click Add permissions.
20) Click Grant admin consent to authorize the changes to the API.
SSO integration has now been configured for Azure/Entra. All users that this functionality has been assigned to can begin signing into RoboForm using SSO.
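To confirm that steps 12-14 were applied exactly, the following added example (not RoboForm or Microsoft code) audits an exported app registration against the redirect URIs listed in step 13 and the token settings from step 14. It assumes the export is the application object JSON printed by `az ad app show --id <client-id>`, with `spa.redirectUris`, `web.redirectUris` and `web.implicitGrantSettings`; the function name and the sample data are constructed for illustration.

```python
import json

# Redirect URIs from step 13 of this article.
EXPECTED = {
    "http://localhost:42019/oidc-callback",
    "http://localhost:42020/oidc-callback",
    "http://localhost:42021/oidc-callback",
    "https://pnlccmojcmeohlpggmfnbbiapkmbliob.chromiumapp.org/oidc-callback",
    "https://ljfpcifpgbbchoddpjefaipoiigpdmag.chromiumapp.org/oidc-callback",
    "https://online.roboform.com/oidc-callback",
}

def audit_app_registration(app: dict) -> dict:
    """Check an exported application object against steps 12-14."""
    spa = set((app.get("spa") or {}).get("redirectUris") or [])
    web = app.get("web") or {}
    web_uris = set(web.get("redirectUris") or [])
    grant = web.get("implicitGrantSettings") or {}
    report = {
        # Listed in the article but not registered on any platform.
        "missing": sorted(EXPECTED - spa - web_uris),
        # Registered, but under Web instead of Single-page application.
        "wrong_platform": sorted((EXPECTED & web_uris) - spa),
        # Registered but not in the article: each extra URI is another
        # address the identity provider will send sign-in responses to.
        "unexpected": sorted((spa | web_uris) - EXPECTED),
        "access_tokens": bool(grant.get("enableAccessTokenIssuance")),
        "id_tokens": bool(grant.get("enableIdTokenIssuance")),
    }
    report["ok"] = (not report["missing"] and not report["wrong_platform"]
                    and not report["unexpected"]
                    and report["access_tokens"] and report["id_tokens"])
    return report

# Constructed sample export: one URI missing, one on the wrong platform,
# one extra URI, and ID tokens left disabled.
SAMPLE = json.loads("""
{"spa": {"redirectUris": [
    "http://localhost:42019/oidc-callback",
    "http://localhost:42020/oidc-callback",
    "https://pnlccmojcmeohlpggmfnbbiapkmbliob.chromiumapp.org/oidc-callback",
    "https://ljfpcifpgbbchoddpjefaipoiigpdmag.chromiumapp.org/oidc-callback",
    "https://sso-test.example.invalid/oidc-callback"]},
 "web": {"redirectUris": ["https://online.roboform.com/oidc-callback"],
         "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                   "enableIdTokenIssuance": false}}}
""")

if __name__ == "__main__":
    print(json.dumps(audit_app_registration(SAMPLE), indent=2))
```

Re-running the audit after any later change to the app registration shows whether a redirect URI has been added or removed since the integration was set up.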