Enable SSO for Azure

National Crime Check supports single sign-on (SSO) using Azure.

Single sign-on users can log in from the NCC website using a direct login link, or log in to NCC from the My Applications portal.

The following SAML attributes are supported:

first_name (empty namespace): source attribute user.givenname
last_name (empty namespace): source attribute user.surname
role (empty namespace): used for role-based permissions. Optional.

There are three steps for integration:

  1. Get service provider details
  2. Register application
  3. Enter the identity provider details

Further details are provided below.

1. Get service provider details

  1. Navigate to the Staff section and then the SSO tab
  2. Click the Azure icon
  3. Click the Download Metadata XML button and save the metadata file
    Please Note: Do not close this window because you will need it again later.

2. Register application

  1. Sign in to the Azure portal using one of the roles listed in the prerequisites.
  2. Browse to Azure Active Directory and select Enterprise Applications
    The All Applications pane opens and displays a list of the applications in your Azure AD tenant
  3. In the Enterprise Applications pane select New Application then select Create your own application
  4. Enter an application name, e.g. "National Crime Check", and select the Integrate with any other application option
  5. Select Single Sign-On and then the SAML option
  6. Select Upload Metadata File and then select the metadata file which you saved earlier, then click the Add button
  7. Click Edit on Attributes & Claims
  8. Delete all the additional claims, then add claims for first name and last name
    first_name, without namespace, attribute source, user.givenname
    last_name, without namespace, attribute source, user.surname
  9. Find the SAML Signing Certificate and click the Edit button
  10. In the Signing Option drop-down list, choose Sign SAML response and assertion then click Save
  11. Download the Federation Metadata XML identity provider metadata file by clicking the Download link
    Save this file somewhere memorable as you'll need it for the next step

3. Enter the identity provider details

  1. Return to the integration dashboard SSO tab
    This tab should already be open from earlier.
  2. In the Identity Provider section, choose the Upload metadata file option
  3. Select the file using the browse button
  4. Choose the permissions which are available for single sign-on users
    These permissions will be used for a "default" role. You can modify this role or create additional roles later.
  5. Click the Enable Single-Sign-On button
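
To confirm the Azure side matches the steps above, the following added example (not code from National Crime Check or Microsoft) checks a base64-decoded SAML response captured from a test login for the two settings that are easiest to get wrong: both signatures present, and first_name / last_name sent without a namespace. The function names and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED = ("first_name", "last_name")  # role is optional per the attribute list

def check_response(xml_text):
    """Return a list of setup problems in a decoded SAML response.
    Structural check only: it does not verify any signature."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found"]
    problems = []
    # "Sign SAML response and assertion" puts a ds:Signature directly under each.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    names = [a.get("Name", "") for a in
             assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)]
    for want in REQUIRED:
        if want in names:
            continue
        # A claim saved with a namespace is sent as "<namespace>/<name>".
        spaced = [n for n in names if n.endswith("/" + want)]
        problems.append(f"{want} has a namespace: {spaced[0]}" if spaced
                        else f"{want} is missing")
    return problems

def sample(sign_response, attr_names):
    """Build a constructed response; the Signature elements are empty stand-ins."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>'
    attrs = "".join(f'<saml:Attribute Name="{n}"><saml:AttributeValue>x'
                    f'</saml:AttributeValue></saml:Attribute>' for n in attr_names)
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'{sig if sign_response else ""}<saml:Assertion>{sig}'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample(True, ["first_name", "last_name", "role"])))
    print(check_response(sample(False, ["http://example.invalid/claims/first_name"])))
```

An empty list means the response has the expected shape; run it only on a response from your own test login, since the standard-library parser is not hardened against hostile XML.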