Subitup SSO supports LDAP, as part of this Azure Active Directory also works.
Note: In Azure AD we have to register separately for each application i.e., Subitup
Accounts application, Mobile application and TimeClock application.
Repeat the below steps for each application separately and, in each step, check the
application specific settings and apply accordingly.
Azure Active Directory:
Setup App registrations in Azure AD for Subitup:
1. Navigate to “Azure Active Directory”(AAD).
2. Navigate to “App registrations” from the left-hand navigation bar. Click on “New
3. Enter a name for the app registration and then click “Register”. (Please refer to
Name for each application:
a. Accounts Application: Subitup-Accounts
b. Mobile Application: Subitup-Mobile
c. Timeclock Application: Subitup-Timeclock
1. Once the App is registered, from the left nav, go to “Authentication” under
2. Click on “Add a platform” and select “Web”.
3. As we have multiple Redirect URIs for each application, please configure one
URI at a time.
I. Add the first Redirect URI, Logout URL and click on “Configure”. Refer to
below image: configure
II. Now you can see a “Add URI” button, click on it to add the remaining
Redirect URIs of that particular application. Refer to below image: add URI
Redirect URIs & Logout URL for each application:
a. Accounts Application:
ii. Logout URL: https://account.subitup.com/SingleSignOn.aspx
b. Mobile Application:
i. Redirect URIs:
ii. Logout URL: https://mobilesecure.subitup.com/#singleSignOn
1. Navigate to “API permissions” from the left-hand navigation.
2. Click on “Grant admin consent for Default Directory” and click on “Yes” when
3. Once the permission is granted the status for “User.Read” will be updated to
“Granted...” like below.
1. Navigate to “Expose an API” from the left-hand navigation.
2. Click on “Application ID URI - Set”
3. There will be default Application ID URI provided, please replace them with the
below for respective App registration and “Save”:
a. Accounts Application: https://account.subitup.com
b. Mobile Application: https://mobilesecure.subitup.com
c. Timeclock Application: https://www.timetrackpay.com
Add Users to the App registrations:
Here we will see how to Add Azure AD users to the created App registrations.
1. Go to Azure AD, from the left-hand nav under “Manage” select “Enterprise
2. From left-had nav under “Manage”, select “All applications”. From Application
type dropdown, select “Enterprise Applications” and click on Apply.
3. From the list click on the respective App registration. (E.g.: Subitup-Accounts)
4. From the opened Enterprise application, from the left-hand nav under “Manage”,
select “Users and groups”.
5. Click on “Add User”.
6. On the opened window, click on “Users” and search the users using their email
ids (in the right-side slide-up) who need the SSO login for respective App
(If you do not find the required email id, please enter the email id manually and
there will be an option to invite them).
7. Once the desired users are selected, please click on “Select” and then click on
“Assign”. (Please refer to the below image with numbering)
8. Note: Please follow the above steps for all the App registrations and add the
Congratulations!! You are all set to make these configuration changes in Subitup