Single sign-on (SSO) — to log in and authenticate from your existing email [currently only Azure AD]

Configure SSO in the IRIS Dashboard

  1. Head to the IRIS Clarity dashboard in a new tab and navigate to the SSO settings page Team > Manage team

  2. Enter a domain name. This must be unique to you (we will verify that it is available)Alphanumeric (numbers and/or letters)Lower caseNo special characters (!@£$%^&*()_-+=)No spaces3-30 characters in length

    Examples
    ✅ shapedbyiris  
    ✅ shapedbyiris2 
    ❌ shapedbyIRIS 
    ❌ shaped.by-iris


Add IRIS Clarity app to Azure

  1. To add IRIS Clarity as an application open the Enterprise Applications page the Azure portal
  2. Click + New application
  3. Click + Create your own application
  4. Give it a name e.g. IRIS Clarity
  5. Ensure the following checkbox is ticked Integrate any other application you don't find in the gallery (Non-gallery)
  6. Click Create

Configure Single sign-on in Azure

  1. Select Single sign-on in the left side panel

  2. Select SAML from the options

  3. Under Basic SAML Configuration, click Edit to make changes

  4. Under Identifier (Entity ID), click Add identifier and paste the Identifier (Entity ID) link that was generated in the IRIS Clarity dashboard.

  5. Under Reply URL (Assertion Consumer Service URL), click Add reply URL and paste the Reply URL (Assertion Consumer Service URL) link that was generated in the IRIS Clarity dashboard.

  6. Click Save at the top of the screen. Ensure all details are correct. You will be unable to edit this after you hit save.

  7. In the SAML Certificates section of Azure ID, copy the App Federation Metadata Url

    Example: https://login.microsoftonline.com/3e6bb012353ce-37d3-4967-a135-167cd812312358c72c/federationmetadata/2007-06/federationmetadata.xml?appid=97b8550f-1e13-4f21-891123235179-e12bc1b31393ba

  8. In the IRIS Clarity Dashboard, paste this URL in the App Federation Metadata Url section

  9. Click Save.

    No further configuration is needed in the IRIS Clarity dashboard.

  10. You can return to the SSO configuration section in the Azure AD tab later to test the SSO flow.


Grant permissions to the IRIS Clarity application

  1. Go to App Registrations (or search for App Registrations in the main search bar)

  2. Select All applications and click the IRIS Clarity application you have just created

  3. In the left side panel select API Permissions > Add a permission > Microsoft Graph > Delegated Permissions > Search for and check the following permissions,

    User.Read
    User.Read.All
  4. Click Add permissions

    Single Sign On configuration between Azure AD and IRIS Clarity is now complete.


Test SSO and initial login

Add users to the enterprise application

Add users / groups to the new IRIS Clarity application to be able to log in to the app via SSO or set assignment required to be no.

You can now test the SSO flow in the Single sign-on section of the Clarity app

Initial login

After you have completed the SAML setup, an admin in your tenant will need to log in first. That user will need to accept on behalf of your Azure AD tenant. Once this is done, no-one else will see this screen.

IRIS Clarity dashboard assignment

You will need to ensure that all users who have been added to the Azure AD SSO application are added to the team in the IRIS account dashboard.


FAQ

If you see the following error this means you have not added users to your new IRIS Clarity enterprise application.

IRIS Clarity Multi-tenant

Sorry, but we're having trouble with signing you in.

AADSTS50105: Your administrator has configured the application Name of enterprise application (xxxxx) to block users unless they are specifically granted ('assigned') access to the application. The signed in user 'briony@shapedbyiris.com' is blocked because they are not a direct member of a group with access, nor had access directly assigned by an administrator.

Please contact your administrator to assign access to this application.