How do I set up SSO with Azure Active Directory in Sunwave?

This article explains how to configure single sign-on (SSO) between Sunwave and Microsoft Azure Active Directory (AD). It covers creating a new Enterprise Application in Azure AD and providing required values to Sunwave for setup.

Prerequisites

To configure single sign-on (SSO) integration between Sunwave and Azure Active Directory (AD), the customer creates a new Enterprise Application in Azure AD. All users are created and managed by the customer in Azure AD; Sunwave only needs the user's email. This requires Azure AD administrator access and Sunwave system admin permissions.

Once the Enterprise Application is created, the client must provide Sunwave with the following values:

  • Enterprise Application Name

  • Enterprise Application ID

  • Thumbprint

  • Tenant ID

Single sign-on setup is configured at the realm family level, requiring just one setup per realm family instead of for each realm.

Sunwave Initial Setup

Sunwave starts this process by defining a token app value. This value must be unique and represent the client’s realm family.

For example, if the token app value is PALM, the client will receive the following URLs:

  • Login URL: https://emr.sunwavehealth.com/sso/login/palm

  • Callback URL: https://emr.sunwavehealth.com/sso/callback/palm

Once the client creates the Enterprise Application in Azure, an SSO registry must be created in Sunwave. The following values are required:

  • Enterprise Application Name

  • Enterprise Application ID

  • Thumbprint

  • Tenant ID

  • Parent Clinic ID

Azure AD

  1. In Microsoft Azure, the customer will click the New Application link:

    Azure AD interface with option to create a new Enterprise Application.

     

  2. In Browse Azure AD Gallery, click the Create your own application link:

    Azure AD dialog to name and create a custom application.

     

  3. On the Create your own application screen, enter the application name and keep the default option “Integrate any...” then click on Create:

    Enterprise Application Name and initial configuration screen.

     

  4. On the Overview screen, click on the Getting Started link under Set up single sign on:

    Enterprise Application overview page with single sign-on setup link.

     

  5. Select the SAML option for the single sign-on method:

    Single Sign On type selector

     

  6. Edit the Basic SAML Configuration and enter the following values:

    • Identifier (Entity ID): https://emr.sunwavehealth.com

    • Log In URL: Provided by Sunwave. Replace app_token with the assigned token app value (for example, palm).

      • Example: https://emr.sunwavehealth.com/sso/login/palm

    • Reply URL (Assertion Consumer Service URL): Provided by Sunwave. Replace app_token with the assigned token app value.

      • Example: https://emr.sunwavehealth.com/sso/callback/palm

Make sure the app token value matches the one assigned by Sunwave.

Basic SAML configuration screen with options for identifier or entity ID and Reply URL

Providing Required Information to Sunwave

  1. Have the client log in to Azure AD and go to the Properties page for the Enterprise Application created in the prior steps:

    Enterprise Application SSO properties screen with the name and application ID to provide Sunwave.

  2. Provide the Sunwave Product team with the following information:

    • Name

    • Application ID

  3. Go to the Single sign-on section (left menu) and provide the Sunwave Product team with:

    • Thumbprint

    Single Sign On section of the Enterprise Application that shows the thumbprint to provide to Sunwave.

  4. Go to the Tenant Information section and provide the Sunwave Product team with:

    • Tenant ID
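
A pre-submission check for the values collected above, as an added example (not Sunwave's or Microsoft's code): it derives the Login and Reply URLs from the token app value, confirms the Application ID and Tenant ID are GUIDs, and recomputes the thumbprint as the SHA-1 hash of the SAML signing certificate exported in Base64 form. The function names, the allowed token characters, and the sample certificate bytes and IDs are assumptions made for the example; lowercasing the token follows the PALM/palm example in this article.

```python
import base64
import hashlib
import re
import uuid

BASE = "https://emr.sunwavehealth.com"  # Identifier (Entity ID) from the article
# Constructed sample: placeholder bytes standing in for a DER certificate (not a real cert)
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")


def expected_urls(token_app):
    """Login/Reply URLs for a token app value, lowercased as in the PALM -> palm example."""
    token = token_app.strip().lower()
    if not re.fullmatch(r"[a-z0-9_-]+", token):  # assumption: token is a simple URL-safe string
        raise ValueError("token app value is not URL-safe")
    return {"login": f"{BASE}/sso/login/{token}", "reply": f"{BASE}/sso/callback/{token}"}


def cert_thumbprint(pem_or_b64):
    """SHA-1 over the DER bytes of a certificate supplied as PEM or bare Base64."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem_or_b64)
    return hashlib.sha1(base64.b64decode(body, validate=True)).hexdigest().upper()


def check_handoff(token_app, login_url, reply_url, app_id, tenant_id, thumbprint, cert):
    """Return a list of problems; an empty list means the values agree with each other."""
    problems = []
    urls = expected_urls(token_app)
    if login_url != urls["login"]:
        problems.append("Log In URL does not match the token app value")
    if reply_url != urls["reply"]:
        problems.append("Reply URL does not match the token app value")
    for name, value in (("Application ID", app_id), ("Tenant ID", tenant_id)):
        try:
            uuid.UUID(value)
        except ValueError:
            problems.append(f"{name} is not a GUID")
    # Ignore spaces, colons and case that copy/paste tends to introduce
    if re.sub(r"[\s:]", "", thumbprint).upper() != cert_thumbprint(cert):
        problems.append("Thumbprint does not match the signing certificate")
    return problems


if __name__ == "__main__":
    ids = ("11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")  # constructed
    print(check_handoff("PALM", f"{BASE}/sso/login/palm", f"{BASE}/sso/callback/palm",
                        *ids, cert_thumbprint(SAMPLE_PEM), SAMPLE_PEM) or "values are consistent")
```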
