Versions Compared

Old Version 1

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version Current

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.

  2. Select the External OAuth Services tab and then search for AzureAD.

  3. Click the Provider link for AzureAD.

  4. Click the Edit button for AzureAD.


  5. Update the Callback Url field with the FQDN of your EmpowerID server. The value entered should look similar to https://sso.empoweriam.com/WebIdPForms/OAuth/V2, where sso.empoweriam.com, is the FQDN of the EmpowerID web server in your environment.

  6. Click Save.

  7. On the navbar, expand Admin > Miscellaneous and click Lists.

  8. From the Lists tab, search for Whitelisted and then click the Display Name link for the Azure Multi-Tenant Whitelisted Domains record.


  9. Expand the Items accordion and then click the Add button in the grid header.


  10. Add your domain as a List Item. Enter the domain name in all three fields.


  11. Click Save.

  12. On the navbar, expand Admin > Applications and Directories and click Account Stores and Systems.

  13. Search for AzureGlobalIdP and then click the Account Store link for the record.


  14. On the Account Store Details page that appears, click the Edit link to put the account store in edit mode.


  15. From the Settings tab of the Edit Account Store page, go to the Provisioning Settings pane and locate the Default Person Business Role and Default Person Location settings.

  16. Under Default Person Business Role, click the Select a Business Role link and then search for and select the desired Business Role for the Person objects EmpowerID provisions from the account store.

  17. Click Save.

  18. Under Default Person Location (leave blank to use account container, click the Select a Location link and then search for and select the desired location for the Person objects EmpowerID provisions from the account store.

  19. Click Save.

Info

If you want to configure domain specific Business Role and Location allocation for the people EmpowerID provisions, please follow the below steps.

Configuring domain specific Business Role and Locations

  1. On the navbar, expand Admin > Miscellaneous and click Lists.

  2. From the Lists tab of the find ListDataItemSet page that appears, search for FQN and then click the Display Name link for FQN to BusinessRoleLocationMapping.

    Image Added


  3. On the ListDataItemSet page, expand the Items accordion and click the Add button on the grid header.

  4. In the List Items pane, add the following information:

    • Name / Key — Name of your domain

    • Display Name — Display name for your domain

    • Value — The OrgRoleOrgZoneID of the Business Role and Location combination in which you want people to be placed in.

      Image Added


  5. Click Save.

Add a Login Button for Azure Native Authentication

  1. On the navbar, expand Single Sign-On > SSO Connections and click SSO Connections.

  2. Select the IdP Domains tab and then click the IdP Domains link for the IdP Domain where you want the Login button to appear.

    Image Added


  3. Select the External OAuth Providers tab and then select the Azure Native Authentication provider.

    Image Added


  4. Click Save.

Tip

If a global administrator logs in using the Azure Native Authentication, the Azure consent prompt will include a checkbox “Consent on behalf of your organization”. If you check this option, the app will not prompt any other users in the organization to review the permissions; otherwise, all users in the organization will be prompted to review the permissions.

Insert excerpt
IL:External Stylesheet - Test
IL:External Stylesheet - Test
nopaneltrue