Description:
This article details the steps needed to configure an iPECS Cloud customer to sync with an Azure Active Directory and permit access to the Customer Manager or Customer User portals using a Microsoft Logon.
Pre-Requisites:
You must first complete the application configuration described in "Microsoft Azure Active Directory Integration: Azure config" and receive the following from the Microsoft Azure AD (MS AAD) admin:
- Application (client) ID
- Directory (tenant) ID
- Value of the Client Secret
Programming:
NOTE: Each MS AAD account can ONLY be used once. Thus, if you have a manager who also has a user account, the manager account and the user account MUST each use a unique MS AAD account.
Enabling MS AAD lookup.
- All the configuration is done on a single screen in CM, located under 'Authority Setting', as MS AAD.
- Click Modify.
- Set the 'User Look-Up Usage' to 'Use'.
- Paste in the values received from the MS AAD admin.
- Set the 'User Look-Up Period'. The frequency of the lookup can vary depending on how often changes are made to users in MS AAD.
- Finally, click Save. It is recommended that the first sync be done manually by clicking the 'One-time Sync.' button.
NOTE: Only the following fields from the MS AAD user are synchronized with the Company Directory:
- User Principal Name
- Object ID
- First Name
- Last Name
- Office Phone
- Mobile Phone
To show which accounts in the Company Directory have been synced from MS AAD, a 'sync' column has been added; its value will be Yes for these accounts.
Assigning MS AAD account to an iPECS user.
This can fall under two categories:
- New User - For this case, don't type a name. Instead, select the user from the drop-down box labeled '-Direct Input-'.
- Existing User - For this case, it is recommended that the e-mail field be cleared if it does not match the one in AAD, and that the First name or Last name fields be cleared too if those differ. Then select the user from the '-Direct Input-' drop-down.
Assigning MS AAD account to an iPECS CM Manager account.
NOTE: For a Customer Manager (CM) login, this can only be assigned by the currently logged-in Manager, i.e. they must set up their own ID.