Microsoft Office 365 OAuth SSO
Introduction
You can activate an OAuth 2.0-based Microsoft O365 Single Sign-On in Flexopus. With the Microsoft OAuth SSO, you basically allow login for all users in the world who have a Microsoft O365 account, and you can restrict, based on the domain settings, which email addresses can or cannot log in.
During the setup process, we activate the interface for Microsoft Office 365 users for your cloud tenant and restrict the login option to email addresses with the domain @company.com. Afterward, your employees should be able to authenticate themselves directly with their MS365 credentials.
When they log in for the first time, Flexopus automatically creates a new user with name and email address in the backend. You can then subsequently assign special rights (e.g., Location Manager, Admin) or assign user groups to the user. An authentication check is carried out for each subsequent login.
Configuration Manual
STEP 1 - Activate Microsoft SSO
Navigate in Flexopus to Dashboard > Settings > Authentication and create a new provider. In the pop-up, select the option Microsoft O365 SSO.
Enable the integration and use the List of allowed domains for SSO setting to define which domains are able to log in: my-company.com, my-subcomany.de.
*
however, this configuration is really not recommended. Try to specify who can or cannot log in.
Optionally, you can also use the option Require existing user profile to log in through SSO to specify that users can only log in with an already existing account. After activation, application access is restricted to existing user accounts. New users must be added manually.
You can also decide with the Use UPN as email setting which Microsoft attribute you want to use for the UPN synchronization. This is an advanced setting. You can leave it on the default setting.
SAVE your changes.
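The STEP 1 settings expressed as a decision function, as an added example that is not Flexopus code: the function names, the meaning given to a "*" entry and the UPN handling are assumptions made for illustration. It shows why an allow-list entry should be compared as an exact, case-insensitive domain match.

```python
# Added illustration, not Flexopus code: how the STEP 1 settings could gate a login.
from typing import Iterable, Optional, Tuple


def email_domain(address: str) -> Optional[str]:
    """Return the lower-cased domain, or None for a malformed address."""
    address = address.strip()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain or "@" in local or " " in address:
        return None
    return domain.lower().rstrip(".")


def login_allowed(mail: Optional[str], upn: Optional[str],
                  allowed_domains: Iterable[str], existing_users: Iterable[str],
                  use_upn_as_email: bool = False,
                  require_existing_profile: bool = False) -> Tuple[bool, str]:
    """Decide a login from the attributes the identity provider returned."""
    # Assumption: "Use UPN as email" selects which attribute is the address.
    address = (upn if use_upn_as_email else mail) or ""
    domain = email_domain(address)
    if domain is None:
        return False, "malformed address"
    allowed = {d.strip().lower().lstrip("@") for d in allowed_domains}
    # Assumption: a "*" entry admits every domain (the setting the page
    # advises against). Otherwise require an exact match: suffix or substring
    # checks would also admit look-alikes such as my-company.com.example.net.
    if "*" not in allowed and domain not in allowed:
        return False, "domain not allowed"
    known = {u.strip().lower() for u in existing_users}
    if require_existing_profile and address.strip().lower() not in known:
        return False, "no existing user profile"
    return True, "ok"


# Constructed sample data; the two domains are the page's example values.
ALLOWED = ["my-company.com", "my-subcomany.de"]
EXISTING = ["alice@my-company.com"]
SAMPLES = ["Bob@My-Company.com", "eve@my-company.com.example.net",
           "eve@evil-my-company.com", "a@b@my-company.com"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, login_allowed(addr, None, ALLOWED, EXISTING))
```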
STEP 2 - Test the configuration
Open Flexopus in a new incognito window and test the login: https://{your-company}.flexopus.com/ or, if you have a custom domain, go to the custom domain.
You should be able to log in with an existing or a new user, depending on how you configured the access rights in your Azure Active Directory and Flexopus.
Once the Microsoft SSO is configured successfully, you can optionally disable the email and password login and force all users to use Single Sign-On. Navigate to Dashboard > Settings > Authentication. You can find two options here:
- Disable password login: You can disable all email and password login forms.
- Hide login form: You can hide the login form on the main login page with it, but there is a secondary login form at ../dashboard/auth/login, which you can leave open to use for a backup admin user.