PowerDMS Azure AD Application Configuration

SUMMARY

The following instructions outline connecting Single Sign-On for your site via Microsoft Azure Active Directory (Azure AD).

CONTENT

Single Sign-On (SSO) 

SSO is an optional PowerDMS feature that allows our customers to simplify their authorization process when signing into their computer and its programs. SSO uses the customer's domain credentials, management system, and login pages, so only one sign-in is necessary for users to access their organization's site and PowerDMS.

For SSO to work for all users within your site, Site Administrators must turn SSO on from their Administration Menu > Settings > Security > Single Sign On.  

Only one SSO connection is allowed per site.

Contact your PowerDMS CSM for your SSO Application licensing information.

 

Configuring SSO for Azure AD

You can leverage Azure AD for SSO in PowerDMS through OpenID Connect (OIDC). 

1. First, you'll create an App Registration in your Azure instance. PowerDMS will need the following from you: 

• Your tenant domain and any domain aliases you're using. 

• An application (client) ID from the app registration you build. 

• A client secret value from the app registration you build. 

2. Navigate to Azure Active Directory > App Registrations and click New Registration.

3. Provide an easily identifiable name on the screen that comes up. 
    

4. Click the circle next to Accounts in this organization directory only. 
    

5. Select Web from the drop-down menu and paste the following into the Redirect URI section: https://accounts.powerdms.com/login/callback.
    

6. Click the Register button.

7. On the next page, copy the Application (client) ID value. You will need to provide this to PowerDMS.

8.  From the left-hand sidebar menu, select Token Configuration and then click Add Optional Claim.

9. Select the ID radio button, then check the box next to UPN. Click the Add button at the bottom of the prompt, then click Add again on the page that pops up. 

10. In the left-hand sidebar menu, select Certificates and Secrets.
     

11. On the page that appears, click New client secret.

     

12. On the popup, provide an easily identifiable Description (such as "accounts.powerdms.com") and select an expiration for the Client Secret. Click the Add button.

13. Copy the string from the Value column and set it aside for later use.

14. Click API Permissions in your left-hand sidebar menu. On the page that appears, click the Grant admin consent button and the Yes button in the screen's bottom left corner.

15. Log into your PowerDMS site and open the Administration Menu from the drop-down menu below your name in the upper right corner of your screen. Navigate to Settings > Security > Single Sign On.

16. Select the Azure AD radio button.

17. Paste in your copied Application (client) ID, Client Secret Value, and Tenant Domain. You may also want to enter any domain aliases your organization may use, with each one separated by a comma, but this is optional.

18. Click Save.

19. To test your SSO, try to log into PowerDMS as a synced user. You should automatically be redirected to your corporate login page.

Having Sign-In Issues?

If your SSO isn't working, you can still log into your PowerDMS site using your Admin username and password. Go to https://powerdms.com/ui/login.aspx?formsauth=true. 

If SSO login errors persist, please contact PowerDMS Support.

The System for Cross-domain Identity Management (SCIM) protocol follows all error codes and messages. Please, save any error messages by taking screenshots or copying the message's details. PowerDMS may need these to help you.

RELATED ARTICLES

Article:  Configuring Microsoft ADFS 2.0 for PowerDMS Federation
Article: Configuring SAML for PowerDMS
Article: PowerDMS Basic User Guide
Article: PowerDMS Mobile SSO Single Sign On
Article: PowerDMS Site Preparation

SECURITY REQUIRED

Site Administrator