Skip to main content
Version: 1.4.0

Single Sign On

The Authentication tab provides Single Sign-On (SSO) configuration options for your DataStream organization. This interface allows administrators to enhance security by integrating with Azure AD/Entra ID authentication systems, enabling users to access DataStream using their existing organizational credentials.

To access Single Sign-On settings:

  • Click the hamburger menu on the top left
  • Select Organization > Settings
  • Click the Authentication tab

The Authentication interface displays:

  • Single Sign-On section with setup options
  • Set up Single Sign-On link for configuration access
  • Learn more link for additional SSO information
  • Description: "Enhance your organization's security by requiring users to use Single Sign-On to sign in to VirtualMetric"

Single Sign-On Configuration

VirtualMetric DataStream single sign-on integration allows users with existing Azure AD/Entra ID accounts to access DataStream without creating separate credentials. Users authenticate through their organization's Azure AD system and gain access to DataStream based on their assigned roles and permissions.

Enable SSO for Tenant

  1. Navigate to Organization Settings

    • Access the Organization menu from the cloud interface
    • Select Tenant Settings

  2. Configure Authentication Type

    • Locate the Authentication section
    • Set Auth Type to OAuth
    • Enable the SSO Enabled toggle

  3. Azure AD Configuration

    • OAuth Config: Enter your Azure AD application configuration
      • client_id: Azure AD application client ID
      • client_secret: Azure AD application client secret
      • tenant_id: Azure AD tenant identifier
      • redirect_uri: VirtualMetric callback URL
    • OAuth Scope: Specify required permissions (e.g., openid profile email)

Azure AD Application Setup

Prerequisites: Azure AD administrator access required.

  1. Register Application

    • Navigate to Azure PortalAzure Active DirectoryApp registrations
    • Create new registration with appropriate redirect URI
    • Note the Application (client) ID and Directory (tenant) ID

  2. Configure Authentication

    • Add platform configuration for web application
    • Set redirect URI to your VirtualMetric tenant URL
    • Enable ID tokens and access tokens

  3. Create Client Secret

    • Navigate to Certificates & secrets
    • Create new client secret
    • Copy the secret value immediately

User Access Management

When SSO is enabled, users with Azure AD accounts can access DataStream directly without requiring separate VirtualMetric user accounts. Azure AD handles both authentication and provides user identity information to DataStream for access control.

When SSO is disabled, users must have dedicated VirtualMetric DataStream user accounts with username/password authentication to access the system.

Disable SSO

  1. Navigate to Tenant Settings
  2. Disable the SSO Enabled toggle
  3. Users will revert to VirtualMetric username/password authentication