This article will walk through how to set up single sign-on using Azure AD and how the authentication flow changes along with that setup.
Set up an application in Azure AD
The first step in enabling single sign-on using Azure AD is to set up an application in your company's Azure AD. These are the steps required to set up an application:
- Navigate to https://portal.azure.com and sign in with your credentials
- Press the View button to manage your Azure Active Directory
- In the left navigation pane press App registrations
- Next in the top navigation pane click New registration
- Fill in the new application information as seen below and press the Register button
- Next click Add an Application ID URI
- Click the Overview button in the left navigation pane and then click the Redirect URIs link to register configurations for the desktop application
- Click the API Permission tab on the left navigation pane
- Select the User.Read line and click Grant admin consent for X
Setup in TimeXtender
Start by navigating to the overview for the application just created in Azure AD.
Send an email to support (support@timextender.com) listing the following configuration information:
Azure Active Directory configuration
- Application ID: {your-application-id-uri}
- Tenant ID: {your-tenant-id}
- Federation metadata document: {your-federation-metadata-document}
Authentication flow
After the configuration has been set up and the application registered, the flow in both the desktop application and the web client will be slightly different.
Web client
Navigate to https://login.exmon.com and enter your email
If you have set up single sign-on using Azure AD, you will be redirected to your company's login site, and it will probably look something like this:
Desktop application
Open up the desktop application. We are using TimeXtender Master Data Management as a demonstration in this example, but the same principle applies to TimeXtender Orchestration & Data Quality as well.