7

Users

Last Update 8 months ago

Users tab overview Set up Microsoft Single Sign-on and Multi-factor Authentication User activation for existing users Activate SSO and MFA in Proxuma Create and activate new users

Set up Microsoft Single Sign-on and Multi-factor Authentication

Karla

Last Update 8 months ago

Microsoft Single Sign-On (SSO) Login allows users to access multiple Microsoft services and third-party applications with one set of credentials, thus eliminating the need for multiple passwords.


If you need an additional layer of protection and require users to pass through various authentication methods, enable Multi-factor Authentication (MFA). We recommend enabling these two security authentication methods to provide both security and convenience for users when logging in to Proxuma.

📝Inside this article

  • App Registration in Microsoft Azure
  • Client ID, Tenant ID, and Redirect URI
  • Client Secret and API Permission
  • Proxuma Single-Sign On (SSO) Settings
  • Creating new Microsoft Log-in credentials

📋What you'll need

  • A working Azure account to access the portal.
  • Access to Proxuma's Single Sign-On (SSO) Settings under the Settings module.
  • Client ID - You can get this from your Azure Application
  • Tenant ID - You can get this from your Azure Application
  • Client Secret - You can get this from your Azure Application
  • Redirect URL - You can get this from Proxuma (Email Settings)

📖Definitions

  • Microsoft Azure

    Microsoft Azure is a cloud computing service that offers an extensive framework for data storage, software development, and other innovative solutions. Azure lets you register Proxuma via their App registrations to generate the needed keys and Redirect URLs. These details are necessary for Microsoft Single-Sign On (SSO) to work in Proxuma.

  • Client ID
    A Client ID is a unique code assigned to each app. This code is the app's public identifier, usually 32 characters long, from 0 to 9 and A to F.

  • Tenant ID
    A Tenant ID can be found in the Azure portal. This globally unique identifier (GUID) is associated with your Microsoft 365 organization and differs from your organization's name or domain. Tenant IDs are also used to configure OneDrive policies.

  • Redirect URI
    A redirect URI manages the system’s User Authentication Flow and the redirection of a user after signing in. 

  • Client Secret
    A Client Secret is a unique password between the app and server. This password is a combination letters, numbers, and special characters.

  • API Permission
    Application Programming Interfaces allow apps to communicate with each other. Correctly setting up their connections provides users a seamless integration between apps and users.

  • Single-Sign On (SSO)
    Allows a user to login and authenticate their identity with a single Identification. Think of having a master key where you can open multiple doors using only one key. This is a popular authentication scheme that provides users a quick and convenient way in accessing their online accounts.

  • Multi-Factor Authenticator (MFA)
    Compared to SSO, this authentication method allows a user to login their online accounts using multiple verification methods via the user's smartphone, biometrics, Email tokens, etc. MFA is like having a multiple locks in your door, you need to open these locks first if you need to come in.

📝App Registration in Microsoft Azure

Microsoft Single Sign-On (SSO) Login enables users to access various Microsoft services and third-party applications using a single set of credentials, eliminating the need for multiple passwords and logins to different applications. 

1. Visit https://portal.azure.com and log in with your
Outlook credentials.🔑
2. After logging in, Click on the App
Registration.📄

3. Click the "New registration" button.🆕

4. Enter your chosen App name, and then select Accounts in this organizational directory only ("Your Company
Name" only - Single tenant).🏢 

5. From the Redirect URI, select the
option Web, from Select the Platform.🌐
6. Click on the Register button.📝

💡Pro tip: Choose an easy to remember name, so you can easily find the app registration when you are done (Example: SSO/MFA registration for Proxuma).

🔑Client ID, Tenant ID, and Provider Redirect URI

To obtain the Client ID, Tenant ID, and Redirect URL, follow these steps:


1. After successfully registering an app, you will get both client ID and Tenant ID.🔑

Copy these IDs and paste them to the Client ID and Tenant ID fields under Proxuma's Settings > SSO.🔍

2. Click the Add a Redirect URL link beside "Redirect
URls".🔗

3. Click Add a platform and then hit Web.🌐

4. Copy the Provider Redirect URI from the SSO setting🔄

In this example, the Provider Redirect URL link is:

5. Paste it to Redirect URL field.🔗

💡You can add more URLs if you need to.

🔒Client Secret and API Permission

To get the Client Secret and set up API Permission, follow these steps:

1. Go to Overview page again, and click Add a Certificate or Secret.🔐

2. Click New Client Secret.🔑
3. On the Add a client secret popup, add a description.📝

4. Set the expiry of the new credential.🕒 

5. Once done, click the Add button.🛠️

6. Copy the value.📋 

⚠️Important: Ensure to keep a record of the value you copied. This value will only be displayed once after creation.

7. Paste the value to the SSO field in Proxuma.🔒

8. Next, choose API permissions from the list and add permission to sign in.🔒

9. Click Add Permission and select Microsoft Graph.🛠️

10. Select Delegation permission.🔑 

11. Under Open ID permissions, select email, openid, and profile.👤 

12. Click on the Add permission button to set permissions.🛠️ 

13. Save all SSO settings on Proxuma and click Save Changes.🔄

💡Pro tip: You can also enable MFA to add security to a user's account. You can enable both, which provides users with a seamless account login using only their Microsoft account, and the security MFA offers that requires a TOTP code every time they log in.

14. Once SSO is activated, you can now use your Microsoft Login.🚀

🛠️Creating your new Microsoft Log-in credentials

1. Open your browser and visit this link https://developer.microsoft.com/en-us/microsoft-365/dev-program and click on the Join Now button.🌐

2. Login with your credentials or you can register a new account by clicking on Create One.🔐


If you are a new user, follow the steps below:

  • Enter your email address or choose a new address from Outlook
  • Enter your desired password
  • Complete captcha

3. Select Custom solutions for my own customers and click the Next button.⏩

4. Select Microsoft Graph & Outlook and then 

5. Click Save.💾

6. Go back to step 1 and continue the process.🔄

🔖Related articles

Activate SSO and MFA in Proxuma

Learn how to activate Single Sign-On (SSO) and Multi-Factor Authentication in Proxuma. Get the latest security features for your users.

Create and activate new users

Onboard new customers and learn how to create these users in Proxuma once imported from Autotask.

Microsoft Single Sign-on (SSO) Login Guide
Identify the different login scenarios in Proxuma. This article will cover inactive accounts, missing licenses, and non-existing users. Additionally, this topic will explain how an account will log in to Proxuma if their SSO is enabled or disabled.

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us