Sublime SSO with Entra ID
For administrators to sign in to Sublime with single sign-on via Entra ID, an "App registration" is required in your Microsoft tenant. The necessary steps are described below:
- Log into the Sublime Platform
- Go to Admin > Account
- Under Authentication, click the button next to Open ID Connect
- Note the Redirect URI, as you'll use it to set up an application in Azure
To create the application in Azure, follow the steps below.
- Sign into portal.azure.com
- Click App Registrations
- Click New Registration
- Give your application a name, such as "Sublime Platform"
- Under Supported account types select Accounts in this organizational directory only if it's not already selected by default
- Click Register (skip the Redirect URI section)
- In the Overview section of the application's settings, note the Application (client) ID and the Directory (tenant) ID. You'll use these IDs later.
- Go to the Authentication settings page
- Click Add a platform
- In the panel that opens, click Web
- Under Redirect URIs, paste the Redirect URI from Sublime
- Under Implicit grant and hybrid flows, check ID tokens
- Click Configure
- Go to the Certificates & secrets settings page
- Click New client secret
- Give the client secret a name like "Sublime SSO" and select an expiration of "24 months"
- Click Add
- Note the value of the new client secret
Now that you've configured your Azure application, you'll use the following values in the next section of this guide:
- Your issuer URL is https://login.microsoftonline.com/TENANT_ID/v2.0, with TENANT_ID being the Directory (tenant) ID you noted earlier
- Your client ID is the Application (client) ID you noted earlier
- Your client secret is the client secret you just created
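A pre-flight check for the three values above, as an added example that is not part of the original guide or of Sublime's or Microsoft's code: it builds the issuer URL, flags a client secret that looks like the GUID-shaped Secret ID instead of the secret's value, and compares an OIDC discovery document against the expected issuer. The function names, the sample identifiers and the trimmed discovery document are constructed for illustration.

```python
import uuid
from urllib.parse import urlsplit

AUTHORITY_HOST = "login.microsoftonline.com"  # host of the issuer URL in this guide

def is_guid(value):
    """True only for the canonical hyphenated GUID form shown in the Azure portal."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def issuer_url(tenant_id):
    """Build the issuer URL: https://login.microsoftonline.com/TENANT_ID/v2.0"""
    if not is_guid(tenant_id):
        raise ValueError("Directory (tenant) ID must be a GUID")
    return f"https://{AUTHORITY_HOST}/{tenant_id.lower()}/v2.0"

def preflight(tenant_id, client_id, client_secret, discovery_doc):
    """Return a list of problems; raises ValueError for a malformed tenant ID."""
    expected = issuer_url(tenant_id)
    problems = []
    if not is_guid(client_id):
        problems.append("Application (client) ID must be a GUID")
    if is_guid(client_secret):
        problems.append("client secret is a GUID: likely the Secret ID, not the Value")
    elif not client_secret or client_secret != client_secret.strip():
        problems.append("client secret is empty or has surrounding whitespace")
    # OIDC discovery requires the document's issuer to match the configured one exactly.
    if discovery_doc.get("issuer") != expected:
        problems.append(f"issuer mismatch: {discovery_doc.get('issuer')!r} != {expected!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(discovery_doc.get(key, ""))
        if url.scheme != "https" or url.hostname != AUTHORITY_HOST:
            problems.append(f"{key} is not an https URL on {AUTHORITY_HOST}")
    return problems

# Constructed sample values (not real identifiers or secrets).
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET = "constructed-secret-value-not-real"
BASE = f"https://{AUTHORITY_HOST}/{TENANT}"
SAMPLE_DOC = {  # trimmed, constructed copy of a discovery document
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}
```

To check a live tenant, fetch the issuer URL with `/.well-known/openid-configuration` appended and pass the parsed JSON as `discovery_doc`.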
Enforce single sign-on
We strongly recommend that you enforce single sign-on, so that logging in with a username and password is no longer possible:
Under "Account", change the "Allowed methods" setting in the "Authentication" field to the following configuration:
Logging in to Sublime must then be done via the OIDC link shown to you in the configuration settings of "Open ID Connect":