How to configure Single sign-on (SSO) for your Meddbase chamber

Article author
Greg Pietras

What is the context?


Meddbase supports single sign-on (SSO) using the SAML 2.0 protocol. This enables users to log into their Meddbase instance via SSO. It also disables any local sign-ins (those not made via SSO).

Click here for an article on configuring SSO for OH portal employee companies.

What is the purpose of the article?


This article:

What are the pre-requisites for this article?


To use this article and undertake configuration, you need:

  • A good working knowledge of SAML 2.0.
  • A Meddbase User account in your chamber with admin permissions.
  • Access to your organisation's Azure Active Directory admin centre.

 

How does Single sign-on work?


SSO is set up at the chamber level. When a User tries to access the application, Meddbase finds the identity provider (Azure AD) to authenticate the User. If the User is not signed in, Azure AD authenticates the User and generates a SAML token. Meddbase then generates a SAML 2.0 AuthnRequest and redirects the User's browser to the Azure AD SAML single sign-on URL. Azure AD posts the SAML response to Meddbase via the User's browser, and Meddbase verifies the SAML response and subsequently completes the User sign-in.

Click here for more details on the Single sign-on SAML protocol.

 

SSO configuration steps in Azure AD and in Meddbase


The SSO configuration process requires admin configuration in your organisation's Azure AD (or similar) provider account. There are also configuration steps you need to take in your Meddbase chamber.

For simplicity, all steps/tasks required in both environments and the exchange of information between them have been put in a single, chronological list below:

 

Steps required on your Azure Portal

1. Log in to portal.azure.com and select Azure Active Directory under Azure services.

2. Navigate to Enterprise applications.

3. Click New Application.

4. Click Create your own application.

5. Enter a name for the application, e.g., 'Meddbase SSO'.

6. Select the Integrate any other application you don't find in the gallery (Non-gallery) option.

7. Click Create and wait for the application to finish building.

8. Click Set up single sign on and select SAML on the next screen.

9. Click Edit in the Basic SAML Configuration section.

10. Enter your chamber domain key* as the Identifier (Entity ID).

*The Chamber Domain Key can be found in your Meddbase chamber under Admin > Configuration > Application > Chamber domain key / user login prefix.

 

11. Enter 'Login URL/ssoapp', e.g. login.meddbase.com/ssoapp, as the Reply URL (Assertion Consumer Service URL). Please make sure there are no spaces before or after the URL.

 

Please note: Different regions have different environment URLs. Please ensure you use the URL for your region:

  • UK: https://login.meddbase.com/ssoapp
  • Australia: https://au-login.meddbase.com/ssoapp
  • Canada: https://ca-login.meddbase.com/ssoapp
  • Europe: https://eu-login.meddbase.com/ssoapp

 

12. Click Edit in the User Attributes & Claims section.

13. Set Source attribute to user.mail.

14. Save settings.

15. Under 'SAML Signing Certificate' download Certificate (Base64).

16. Copy the Login URL under Set up ‘Meddbase SSO’.

17. Click ‘Users and groups’ under Manage, to grant access to any groups that will be using SSO.

Steps required in your Meddbase chamber

1. Log in to Meddbase normally using your Meddbase username and password.

2. From the Start Page navigate to Admin > Configuration > Application.

3. Tick the Enable single sign-on checkbox.

4. Fill in the following details:

      • Identity provider URL: Login URL (from step 16).
      • Identifier: Chamber Domain Key (from step 10).
      • Certificate: Open the Certificate (Base64) (from step 15) in Notepad and copy/paste the content.
      • Claim name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail

5. Click Save to apply your settings.

 

Testing the application in your Azure Portal

Whilst logged in with the current user, click Test Application. If successful, you should be logged into Meddbase.

If the test fails, please confirm that you have a profile in Meddbase with the same email address as the account that you’re logged into Azure with.

Users added in Step 17 should see a new app on https://myapps.microsoft.com/ with the name set in Step 5, where they can launch Meddbase. This will be the new way to log in to Meddbase and all local logins will be disabled.
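
A failed test can be narrowed down by inspecting the SAML response that Azure AD posts to Meddbase through the browser. The Python below is an added example, not Meddbase or Microsoft code: it decodes a captured SAMLResponse form value and compares its Audience, Recipient and mail claim with the settings from this article. The sample response, the chamber key and the email addresses used with it are constructed, and which of these fields Meddbase itself checks is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mail"
# The four regional Reply URLs listed in this article.
ACS_URLS = {f"https://{r}login.meddbase.com/ssoapp" for r in ("", "au-", "ca-", "eu-")}

# Constructed, unsigned SAMLResponse skeleton for the demo (not real Azure AD output).
TEMPLATE = (
    '<p:Response xmlns:p="{p}" xmlns:a="{a}">'
    '<p:Status><p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></p:Status>'
    '<a:Assertion><a:Subject><a:SubjectConfirmation>'
    '<a:SubjectConfirmationData Recipient="{recipient}"/>'
    '</a:SubjectConfirmation></a:Subject>'
    '<a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
    '</a:AudienceRestriction></a:Conditions>'
    '<a:AttributeStatement><a:Attribute Name="{claim}">'
    '<a:AttributeValue>{mail}</a:AttributeValue></a:Attribute></a:AttributeStatement>'
    '</a:Assertion></p:Response>')

def sample(recipient, audience, mail, claim=MAIL_CLAIM):
    """Build a base64 SAMLResponse as it appears in the browser's POST form field."""
    xml = TEMPLATE.format(recipient=recipient, audience=audience, mail=mail, claim=claim, **NS)
    return base64.b64encode(xml.encode()).decode()

def diagnose(saml_response_b64, chamber_domain_key, profile_emails):
    """List configuration mismatches in a captured SAMLResponse.
    Diagnostic only: the signature is NOT verified, so this must never gate a login."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    status = root.find("p:Status/p:StatusCode", NS)
    if status is None or not status.get("Value", "").endswith(":Success"):
        problems.append("status: identity provider did not report Success")
    audience = root.findtext(".//a:Audience", default="", namespaces=NS)
    if audience != chamber_domain_key:
        problems.append(f"audience: {audience!r} is not the chamber domain key")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient", "") if conf is not None else ""
    if recipient not in ACS_URLS:  # exact match, so stray spaces are caught
        problems.append(f"recipient: {recipient!r} is not a listed Reply URL")
    mails = [v.text or "" for a in root.iterfind(".//a:Attribute", NS)
             if a.get("Name") == MAIL_CLAIM for v in a.iterfind("a:AttributeValue", NS)]
    if not mails:
        problems.append("claim: no attribute named " + MAIL_CLAIM)
    elif not set(mails) & set(profile_emails):
        problems.append(f"profile: no Meddbase profile has email {mails[0]!r}")
    return problems
```

An empty list means the response matches the configured values. Each entry otherwise names the setting to recheck in Azure AD or in the Meddbase chamber.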

Guidance for End Users on Meddbase Login Methods


Once SSO is set up and tested, end users of Meddbase can access the system in one of two ways:

  1. Through Microsoft Applications:
    • https://myapplications.microsoft.com/
  2. Direct URL Access: Use the following URLs, replacing "ChamberCode" with your specific chamber’s code:
    • https://login.meddbase.com/SSOLogin.aspx?identifier=ChamberCode&autologin=true (auto-login enabled)
    • https://login.meddbase.com/SSOLogin.aspx?identifier=ChamberCode

Note: Ensure that "ChamberCode" is replaced with your designated code to successfully log in.

 

Review date


This article was last updated on 6th November 2024.