Coactive environments can be set up so that users can use their Office 365 account to log in. SSO setup for Coactive environments is straightforward and requires only 3 values from Azure Active Directory. This article will guide you through the setup of SSO for Office 365 / Azure AD:
- Get the Tenant ID from Office 365 / Azure AD
- Register the Coactive App with Azure AD
- Enable SSO in Coactive and enter Tenant ID, Client ID, and Client Secret
- Create user accounts for SSO
Get the Tenant ID from Office 365 / Azure AD
The Office 365 Tenant ID identifies your Office 365 account with Microsoft. Microsoft describes how to find your Tenant ID in this article; however, the article does not tell you where to find your Azure AD portal. To find your Azure AD portal:
- Go to https://aad.portal.azure.com
- Log in as an administrator
- On the left rail, click Azure Active Directory
- Under Manage, click Properties
- Copy the value in the Directory ID field. This is your Tenant ID.
Register the Coactive App with Azure AD
In order to use Office 365 / Azure AD as an authentication method for Coactive, the specific Coactive environment must be registered as an Application in the Azure AD application directory.
For this example, we will register the Coactive environment using the example domain sandbox.coactiveapps.com:
To register an application with Azure AD:
- Navigate to https://apps.dev.microsoft.com
- Log in as an administrator
- Click Add an App
- Enter a name for the app and click Create
- On the application registration page, there is an Application Id token. This is your Client ID and will be needed to enable SSO in your Coactive environment.
- Next, click Generate New Password
- A password will be generated and displayed. This is your Client Secret and will be needed to enable SSO in your Coactive environment.
- Next, add a platform. Under Platforms, click Add Platform, then select Web
- You will need to enter two values to enable authentication for your environment. These URLs will have to be adjusted to your environment's domain URL. In this example, the environment domain URL is sandbox.coactiveapps.com
Enter or copy/paste these values, replacing sandbox.coactiveapps.com with your environment's domain URL:
- Grant application access. Additional application access can be granted, but the following Delegated permissions must be granted to enable SSO. Click the Add button to select permissions.
- Click Save to complete the application registration in Azure AD.
Enable SSO in Coactive and enter Tenant ID, Client ID, and Client Secret
Once you have registered your application in Azure AD, you should have a Tenant ID, Client ID, and Client Secret. Now SSO must be enabled in your environment using these values to enable authentication using Office 365 / Azure AD. To do this:
- Navigate to your Coactive environment
- Log in as a user with Designer permissions
- In the designer toolbar, click the System Settings icon
- On the SSO tab, check Enable office365 SSO and enter your Tenant ID, Client ID, and Client Secret values.
- Click Save & Close and refresh your application, or just log out. You will see a new button on the login screen to use Office 365 to log in.
Create user accounts for SSO
The final step for using SSO to log in is to create user accounts. This process is the same as creating other types of user accounts; however, the login ID field (the email address specified in Coactive as the login ID) must exactly match the email address that the user uses to log in to Office 365. If a Coactive user is not found with the matching email address, the user will get the following error after authenticating with Office 365.
"This office 365 account does not match any accounts for this app environment"
To fix this, be sure that the email address used with Office 365 exactly matches the email address used as the login ID in Coactive.
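As an added illustration (not Coactive's own code), the Python below shows how the three values you entered on the SSO tab and the login-ID rule above fit together when an Office 365 sign-in comes back: the ID token must come from your Tenant ID, be issued to your Client ID, and carry a sign-in address that exactly matches a Coactive login ID. The tenant, client, token claims and user list are constructed placeholders, and the claim Coactive actually compares against the login ID is an assumption.

```python
"""Added example, not Coactive's code: check a decoded Azure AD ID-token
payload against the SSO settings this article has you enter, then map it to
a Coactive login ID. All values below are constructed placeholders."""
from dataclasses import dataclass
from typing import Optional

# The values copied into Coactive's SSO tab (placeholders, not real IDs).
TENANT_ID = "PLACEHOLDER-TENANT-ID"
CLIENT_ID = "PLACEHOLDER-CLIENT-ID"

# Azure AD embeds the Tenant ID in the token issuer (v1 and v2 formats), so
# a token minted by some other tenant is rejected here even if it is valid.
ACCEPTED_ISSUERS = {
    f"https://sts.windows.net/{TENANT_ID}/",
    f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
}

# The error the article says users see when no Coactive account matches.
NO_MATCH_ERROR = ("This office 365 account does not match any accounts "
                  "for this app environment")


@dataclass
class Result:
    ok: bool
    login_id: Optional[str]
    error: Optional[str]


def check_token_claims(claims: dict, coactive_login_ids: set) -> Result:
    """Reject tokens not issued for this tenant/app, then apply the exact
    login-ID match the article describes. A real implementation verifies the
    JWT signature against the tenant's signing keys before looking at claims;
    that step is omitted so this example runs offline."""
    if claims.get("iss") not in ACCEPTED_ISSUERS:
        return Result(False, None, "token issuer is not this Tenant ID")
    if claims.get("aud") != CLIENT_ID:
        return Result(False, None, "token audience is not this Client ID")
    # v2 tokens carry the sign-in address in preferred_username, v1 tokens in
    # upn. Assumption: that address is what Coactive compares to the login ID.
    email = claims.get("preferred_username") or claims.get("upn")
    # Exact match, as the article states: a different case or a changed
    # address fails and the user sees NO_MATCH_ERROR.
    if email in coactive_login_ids:
        return Result(True, email, None)
    return Result(False, None, NO_MATCH_ERROR)


# Constructed sample: a decoded v2 ID-token payload and the Coactive user list.
SAMPLE_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "aud": CLIENT_ID,
    "preferred_username": "jane.doe@example.com",
}
COACTIVE_USERS = {"jane.doe@example.com", "admin@example.com"}
```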
Why am I prompted to reset my password in Coactive after logging in using Office 365 / Azure AD the first time?
This is a configuration problem when the user account was created. Be sure that SSO enabled accounts have the Force Password Change on Next Login option cleared when creating or resetting user accounts. You can easily fix this for an existing account by running a task on a selected user with an action to Reset User Account as configured below.