1. Support Center
  2. Single Sign-On (SSO)

SubItUp SSO with Azure AD

Subitup SSO supports LDAP, as part of this Azure Active Directory also works.

Note: In Azure AD we have to register separately for each application i.e., Subitup
Accounts application, Mobile application and TimeClock application.

Repeat the below steps for each application separately and, in each step, check the
application specific settings and apply accordingly.

Azure Active Directory:

Setup App registrations in Azure AD for Subitup:

Step 1:
1. Navigate to “Azure Active Directory”(AAD).
2. Navigate to “App registrations” from the left-hand navigation bar. Click on “New

Azure 1

3. Enter a name for the app registration and then click “Register”. (Please refer to
below screenshot)

Name for each application:
a. Accounts Application: Subitup-Accounts
b. Mobile Application: Subitup-Mobile
c. Timeclock Application: Subitup-Timeclock

Azure 2

Step 2:

1. Once the App is registered, from the left nav, go to “Authentication” under
Manage section.
2. Click on “Add a platform” and select “Web”.

Azure 3

3. As we have multiple Redirect URIs for each application, please configure one
URI at a time.

I. Add the first Redirect URI, Logout URL and click on “Configure”. Refer to
below image: configure

II. Now you can see a “Add URI” button, click on it to add the remaining
Redirect URIs of that particular application. Refer to below image: add URI

Redirect URIs & Logout URL for each application:

a. Accounts Application:

i. Redirect URIs:
      1. https://account.subitup.com
      2. https://account.subitup.com/SingleSignOn.aspx
      3. https://account.subitup.com/SSO/ADFSDefault.aspx

ii. Logout URL: https://account.subitup.com/SingleSignOn.aspx

b. Mobile Application:

i. Redirect URIs:
     1. https://account.subitup.com/SingleSignOn.aspx
     2. https://mobilesecure.subitup.com/#singleSignOn
     3. https://mobilesecure.subitup.com/SSO/ADFSDefault.aspx
     4. https://mobilesecure.subitup.com
ii. Logout URL: https://mobilesecure.subitup.com/#singleSignOn

c. Timeclock Application:
i. Redirect URIs:
     1. https://www.timetrackpay.com/SSO/ADFSDefault.aspx
     2. https://www.timetrackpay.com
ii.Logout URL: https://www.timetrackpay.com

Azure 4

Azure 5

Step 3:

1. Navigate to “API permissions” from the left-hand navigation.
2. Click on “Grant admin consent for Default Directory” and click on “Yes” when

Azure 6

3. Once the permission is granted the status for “User.Read” will be updated to
“Granted...” like below.

Azure 7

Step 4:
1. Navigate to “Expose an API” from the left-hand navigation.
2. Click on “Application ID URI - Set”

Azure 8

3. There will be default Application ID URI provided, please use them and share those respective Application ID URIs with Subitup Support team. 


Add Users to the App registrations:

Here we will see how to Add Azure AD users to the created App registrations.

Step 1:

1. Go to Azure AD, from the left-hand nav under “Manage” select “Enterprise

Azure 9

2. From left-had navigation under “Manage”, select “All applications”. From Application
type dropdown, select “Enterprise Applications” and click on Apply.

3. From the list click on the respective App registration. (E.g.: Subitup-Accounts)

Azure 10

4. From the opened Enterprise application, from the left-hand nav under “Manage”,
select “Users and groups”.

5. Click on “Add User”.

Azure 11

6. On the opened window, click on “Users” and search the users using their email
ids (in the right-side slide-up) who need the SSO login for respective App
(If you do not find the required email id, please enter the email id manually and
there will be an option to invite them).


7. Once the desired users are selected, please click on “Select” and then click on
“Assign”. (Please refer to the below image with numbering)

Azure 12

8. Note: Please follow the above steps for all the App registrations and add the
Users respectively.


Congratulations!! You are all set to make these configuration changes in Subitup
Accounts Application.