Single Sign On (SSO)

Prancer Web supports Single Sign-On (SSO) for corporate login with Azure accounts. The admin must provide access from the SSO screen and set up the Service Principal Name (SPN) before provisioning. The user needs to enable the setting to access company data, add API permissions, and grant admin consent. The admin can test SSO by populating the Azure Group members list with the required details and selecting users for provisioning. The provisioned users can access the application via corporate login, and the admin can manage the list from the User Management screen.

Azure users to be provisioned to use Prancer should be added to an Azure group.

Before provisioning, the user is required to set up the Service Principal Name (SPN)

Prancer Web is supporting the Corporate Login with Azure account.

To allow the user to login with an Azure account the admin provisioning SSO on the Prancer Portal has to add the user from the list shown from the SSO screen.

Enable setting to allow the user to access the company data.

  • Azure Active Directory -> Enterprise applications-> Consent and permissions -> User consent settings

  • Select the Allow user consent for apps option, under the User consent for applications section.

  • Add API permissions

    • Open on Azure Active Directory and click on App registrations
    • Select an application from All Applications list
    • Open API Permission page:
      • Manage -> API Permissions
    • Click on "Add a Permission" button
    • Select Microsoft Graph option from Microsoft APIs tab.

    Add the following permissions:

    • Application permissions
      • Directory.Read.All
      • Group.Read.All
      • GroupMember.Read.All
    • Delegated permissions
      • Group.Read.All
      • GroupMember.Read.All
      • User.Read
    • After add permissions do the Grant admin consent to apply the permissions.

Require the following items to configure SSO:

  • Directory (tenant) ID
  • Application (client) ID
  • Group Object Id
  • Client secrets

Click on Connect button. It will populate member list from the Azure Group and display them on the UI. Admin can select one or more users from the list and provision those users.

img/sso/provision_user.png

  • On completion of SSO provision, the users should use the Corporate Login button.

img/sso/user_login.png

Admin can see the provision users list from the User Management screen and take back the access by deleting that user from the list.