Configuring SSO using Azure AD
1. After logging in to your instance of Azure AD, go to your Active Directory and click on the Enterprise applications.
2. Add a new application; search for XpressDox in the gallery and add it to your list of Enterprise applications.
3. Click the ‘Sign In or Register with Microsoft’ button. You will be redirected to Azure AD and will go through the authentication process, after which you will return to XpressDox. One of the following two scenarios will apply:
– a new account will be created if you do not already have an existing XpressDox account. You will be assigned as an Administrator to this account.
– if you do have an XpressDox account, it will be linked to your Tenant in Azure AD and you be logged in immediately. Only XpressDox Administrators can link accounts.
In both of the above scenarios, additional users will be added to the XpressDox account, when they login to XpressDox for the first time, if those users are already in the Azure AD Tenant.
4. The Application in Azure AD can configured as necessary. Please note the following two settings:
5. User access to XpressDox as well as their role within XpressDox can be managed / configured in Azure AD e.g. File / Account Administrator or Template Runner.
There are some settings to note in XpressDox:
– The Tenant ID is populated the moment the account is created. It is a read-only field.
– There is a ‘Force Azure AD login only’ checkbox which can be switched on and off. Switching it on prevents users from logging in using any method other than Azure AD. Switching it off allows both methods; logging in using XpressDox credentials or logging in via Azure AD SSO.