Set up Single Sign-On with Microsoft Azure AD, now renamed to Microsoft Entra ID.
By using Azure SSO, your users will no longer need to remember an extra password to sign into Lattice, and you can quickly remove their access to Lattice from a centralized control panel.
Note: Because SSO configuration is a technical process, we recommend that your IT team assist with the setup. For Microsoft's detailed tutorial for setting up Azure AD SSO integration with Lattice, read Lattice Tutorial.
Configure SSO in Azure
- In the Azure portal, navigate to Azure Active Directory.
- On the left panel, navigate to Enterprise applications > All applications > click New application.
- In the Browse Azure AD Gallery section, search for Lattice > click Create.
- Click Set up single sign on > SAML.
- In the Basic SAML Configuration, select Edit.
- Add the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) with the following:
- Entity ID: https://[subdomain].latticehq.com/sso/[subdomain]/metadata
- ACS URL: https://[subdomain].latticehq.com/sso/[subdomain]/acs
- [subdomain] is your Lattice subdomain. For example, if your organization's Lattice URL is https://bigco.latticehq.com, bigco would be your subdomain and your ACS URL would be: https://bigco.latticehq.com/sso/bigco/acs.
Complete Setup in Lattice
- While in the Azure portal, navigate back to Home > Enterprise Applications > Lattice > SAML Certificates. Download the Federation Metadata XML file.
- In Lattice, navigate to Admin > Settings > Platform > Single Sign-On.
- (Optional) Check Force employee login through SSO or Force admin login through SSO.
- Copy and paste the contents of the Metadata File.
- Click Save.
Note: Make sure you open the Metadata file in a text editor or a note editor. Opening it in another application might reformat it.
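
An optional check before pasting, added here as an example and not part of Lattice's or Microsoft's documentation: it builds the Entity ID and ACS URL from a subdomain using the pattern above, and confirms that the metadata text is still well-formed SAML metadata with a signing certificate and sign-on URL. The function names are hypothetical, and the tenant ID and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def lattice_sp_urls(subdomain):
    """Entity ID and ACS URL following the pattern given in the steps above."""
    base = f"https://{subdomain}.latticehq.com/sso/{subdomain}"
    return {"entity_id": f"{base}/metadata", "acs_url": f"{base}/acs"}

def inspect_metadata(xml_text):
    """Parse IdP metadata text; raise ValueError if it is damaged or incomplete."""
    try:
        # Drop a byte-order mark or stray whitespace left behind by an editor.
        root = ET.fromstring(xml_text.lstrip("\ufeff").strip())
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not well-formed XML: {exc}") from exc
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor found")
    certs = []
    for node in idp.findall("md:KeyDescriptor//ds:X509Certificate", NS):
        text = "".join((node.text or "").split())  # base64 may be line-wrapped
        if text:
            certs.append(hashlib.sha256(base64.b64decode(text)).hexdigest())
    if not certs:
        raise ValueError("no signing certificate found")
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"idp_entity_id": root.get("entityID"), "sso_urls": sso, "cert_sha256": certs}

# Constructed sample: placeholder tenant ID; the certificate bytes are not a real certificate.
TENANT = "00000000-0000-0000-0000-000000000000"
CERT = base64.b64encode(b"constructed, not a real certificate").decode()
SAMPLE = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{CERT}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(lattice_sp_urls("bigco"))
    print(inspect_metadata(SAMPLE))
```

To check a real file, read the downloaded Federation Metadata XML as text and pass it to `inspect_metadata` in place of `SAMPLE`.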