To set up SSO with doxy.me, you'll need to create a new enterprise application within Azure. Users must be assigned access to this application before they can sign in to doxy.me, and they must authenticate from your clinic page, which will look similar to https://subdomain.doxy.me/sign-in (be sure to replace subdomain with your actual clinic subdomain).

Setup

From your Azure dashboard, go to Enterprise applications.

[Screenshot: Enterprise Applications tab]

  1. Select + New application

  2. Select + Create your own application or Non-gallery application
    - Give your app an identifier or simply use your clinic domain as the name.
    - Select Integrate any other application you don't find in the gallery

Configuration

From the Overview tab, go to the Single sign-on tab and select SAML as the protocol.

[Screenshot: Single sign-on protocol]

Within Basic SAML Configuration:

  1. Set your Identifier (Entity ID) to: https://api.doxy.me/auth/institution/SAML2

  2. Set your primary Reply URL (Assertion Consumer Service URL) to:
    https://subdomain.doxy.me/sign-in and check the Default box.
    - (be sure to replace subdomain with your actual clinic subdomain)

  3. Set your secondary Reply URL to: https://api.doxy.me/auth/institution/SAML2/callback?institutionId=XXXX
    - (provided by your CSM)

  4. Set your Relay State to: https://subdomain.doxy.me/account/dashboard
    - (be sure to replace subdomain with your actual clinic subdomain)

Within User Attributes & Claims:

  1. Set your Unique User Identifier to: user.mail
    - doxy.me authentication validates the user account email against the email present in Azure identity management; the two must be identical.
    - If users typically log in to other applications with a short-form username such as firstnamelastname or username, a claim transformation may be needed specifically for doxy.me so that the email is passed instead.

Example configuration:

[Screenshot: SAML sign-on configuration overview]
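
To confirm these settings on a test sign-in, the following added example (not doxy.me or Microsoft code) checks a decoded SAML assertion against the Identifier, Reply URLs and email-based Unique User Identifier described above. It assumes you have captured the assertion XML from a test login; the sample assertion, the exampleclinic subdomain and the email addresses are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://api.doxy.me/auth/institution/SAML2"  # Identifier from this page
CALLBACK = ENTITY_ID + "/callback?institutionId="          # secondary Reply URL prefix
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_assertion(xml_text, subdomain, account_email):
    """List config problems in a captured assertion. Does NOT verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    if not EMAIL_RE.match(name_id):
        problems.append(f"NameID {name_id!r} is not an email address")
    elif name_id != account_email:  # the page requires the emails to be identical
        problems.append(f"NameID {name_id!r} differs from account email")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not contain {ENTITY_ID}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    primary = f"https://{subdomain}.doxy.me/sign-in"
    if recipient != primary and not recipient.startswith(CALLBACK):
        problems.append(f"Recipient {recipient!r} is not a configured Reply URL")
    return problems


def sample_assertion(name_id, audience=ENTITY_ID):
    """Constructed, unsigned assertion fragment for a made-up clinic."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID>{name_id}</saml:NameID>
    <saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://exampleclinic.doxy.me/sign-in"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""


if __name__ == "__main__":
    for nid in ("jdoe@example.org", "jdoe"):  # second value mimics a username-style claim
        print(nid, "->", check_assertion(sample_assertion(nid), "exampleclinic", "jdoe@example.org"))
```

A NameID such as jdoe is the case where the claim transformation mentioned above is needed.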

A few things your CSM will need from the configuration:

  1. Your Login URL

  2. Your App Federation Metadata URL (or XML file)

JIT (Just-In-Time provisioning)

With JIT enabled, you can create and assign new users to your doxy.me app without needing to manually invite or create doxy.me accounts first. Once an assigned new user authenticates, they'll be prompted to finish setting up their account by selecting a room name before being taken to the dashboard.

  • To remove a clinic user or seat, an account admin will still need to manage that from Account Settings / Clinic Settings / Manage Users.


A few things to note:

  • Once enabled, SSO will replace the traditional sign-in methods for your clinic.

  • When logging in, users will need to authenticate from their clinic login page rather than an external app dashboard.

  • Existing users can always log in using email/password by going to https://doxy.me/sign-in and will be offered a redirect to their clinic dashboard.

If you have any questions or would like assistance with configuration, please contact your CSM or chat with our support team 🙂
