Single Sign-On (SSO)

Overview

Prancer Web supports Single Sign-On (SSO) for corporate login with Azure accounts. The admin must provide access from the SSO screen and set up the Service Principal Name (SPN) before provisioning. The user needs to enable the setting to access company data, add API permissions, and grant admin consent. The admin can test SSO by populating the Azure Group members list with the required details and selecting users for provisioning. The provisioned users can access the application via corporate login, and the admin can manage the list from the User Management screen.

Before provisioning, the user is required to set up the Service Principal Name (SPN).

Prancer Web supports corporate login with an Azure account.

To allow a user to log in with an Azure account, the admin must first provide access for that user from the SSO screen in the Prancer Web application.

Enable the setting that allows the user to access the company data:

  • Azure Active Directory -> Enterprise applications -> Consent and permissions -> User consent settings
  • Select the Allow user consent for apps option, under the User consent for applications section.

  • Add API permissions

    • Open Azure Active Directory and click App registrations
    • Select an application from the All Applications list
    • Open the API Permissions page:
      • Manage -> API Permissions
    • Click the "Add a Permission" button
    • Select the Microsoft Graph option from the Microsoft APIs tab.

    Add the following permissions:

    • Application permissions
      • Directory.Read.All
      • Group.Read.All
      • GroupMember.Read.All
    • Delegated permissions
      • Group.Read.All
      • GroupMember.Read.All
      • User.Read
    • After adding the permissions, use Grant admin consent to apply them.

The following items are required to test SSO:

  • Directory (tenant) ID
  • Application (client) ID
  • Group Object Id
  • Client secrets

To populate the Azure Group members list, fill in the following items:

  • Tenant Id
  • Service Principal Id
  • Service Principal Secret
  • Object Id of the group

  • Enter the correct details and click the Connect button. This populates the list of group members from Azure and displays it in the UI. The admin can select one or more users from the list and provision those users.

[Screenshot: img/sso/provision_user.png]

  • Once provisioning completes, those users can use the corporate login.

[Screenshot: img/sso/user_login.png]

The admin can see the list of provisioned users on the User Management screen and revoke access by deleting a user from the list.
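
A pre-flight check for the SPN details and permissions described above, as an added Python example (not Prancer's code): it builds the client-credentials token request and the Microsoft Graph group-members URL, reports which of the three application permissions are missing from a token's `roles` claim, and filters a members response down to user objects. The function names are hypothetical, the token and members response are constructed samples, and the token decode is a diagnostic that assumes the access token is a JWT; it does not verify the signature.

```python
import base64
import json
from urllib.parse import urlencode

# Application permissions this page asks for on Microsoft Graph.
REQUIRED_APP_ROLES = {"Directory.Read.All", "Group.Read.All", "GroupMember.Read.All"}

def token_request(tenant_id, client_id, client_secret):
    """Build (not send) the client-credentials token request for the SPN."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret,
                      "scope": "https://graph.microsoft.com/.default"})
    return url, form

def members_url(group_object_id):
    """Graph endpoint that lists the direct members of the group."""
    return f"https://graph.microsoft.com/v1.0/groups/{group_object_id}/members"

def missing_permissions(access_token):
    """Decode the token payload (diagnostic only, no signature check) and
    return required application permissions absent from its 'roles' claim."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return sorted(REQUIRED_APP_ROLES - set(claims.get("roles", [])))

def provisionable_users(graph_response):
    """Keep only user objects; a group can also hold nested groups or devices."""
    return [(m.get("userPrincipalName"), m["id"])
            for m in graph_response.get("value", [])
            if m.get("@odata.type") == "#microsoft.graph.user"]

def constructed_token(roles):
    """Constructed, unsigned stand-in for an app-only access token."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "sig"])

# Constructed sample of a /members response (placeholder ids).
SAMPLE_MEMBERS = {"value": [
    {"@odata.type": "#microsoft.graph.user", "id": "00000000-0000-0000-0000-000000000001",
     "userPrincipalName": "alice@example.com"},
    {"@odata.type": "#microsoft.graph.group", "id": "00000000-0000-0000-0000-000000000002"},
]}

if __name__ == "__main__":
    token = constructed_token(["Directory.Read.All", "Group.Read.All"])  # consent incomplete
    print("missing:", missing_permissions(token))
    print("users:", provisionable_users(SAMPLE_MEMBERS))
```

A non-empty result from `missing_permissions` on a real app-only token usually means a permission was added but admin consent was not granted afterwards.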