Single sign-on options

EP Help General > Settings > General

pencil

To have access to the Administration settings, a user must have the ‘Manage system settings ’ permission enabled in her role. How to enable permissions, see Roles and Permissions.

 

pencil

The option is used only when trying to access Easy Projects pages other than the login page directly, e.g. a link, bookmark, etc. If you try to access Easy Projects via the login page you will need to go through standard login procedure, i.e. enter your Easy Projects login and password.

 

Single sign-on options is a tab on Administration settings screen.

 

Easy Projects supports Microsoft Azure's Single Sign-On (SSO) using Azure Active Directory (AD).

With this feature you can log in to Easy Projects via the authentication endpoint in Azure ID.

To learn more about SSO and Azure AD, click here.

 

Single Sign-on Protocol Flow

 

1.

Precondition 1: A user exists in Easy Projects with the same email as a user registered in the Azure Active Directory. On how to use the option of auto-propagating Easy Projects users at their first login to Easy Projects, see below.

Precondition 2: Single sign-on is enabled in Easy Projects. See below on how to enable SSO in Easy Projects.

2.

The user tries to access an Easy Projects page, e.g. Time Logs.

3.

The user is automatically redirected to the Azure Active Directory authentication endpoint.

4.

After successful sign-in, the user is redirected to Easy Projects and taken directly to the required page.

 

To enable single sign-on in Easy Projects:

 

1.

Go to User Menu | Settings | General | Single sign-on options tab.

2.

Click 'Enable single sign-on'.

3.

Click 'Apply' at the bottom of the section.

 

Enable auto-propagation of users

 

If you’d like Easy Projects to automatically create accounts for anyone who has access via Azure SSO at their first login to Easy Projects, use the following steps:

 

1.

Go to User Menu | Settings | General | Single sign-on options tab.

2.

With the 'Enable single sign-on' selected, select 'Create new users with the role'.

3.

Select a default role for the auto-propagated users from the dropdown list.

4.

Specify the email domain to be used with the auto-propagated users.

5.

Click 'Apply' at the bottom of the section.

 

pencil

The email domain is used to verify the identity of the user that is received with the security token from Azure AD. Only domains used in the Email domain field are allowed.

 

As a result, a user with the same name and email as the matching Azure AD user will be created in Easy Projects.