These instructions are intended for Azure/IT administrators or technical staff responsible for configuring identity and access management in their organization. The steps should be performed by someone with administrative access to both Azure Active Directory and WorkEasy Software.
See Set up Azure AD SSO if you need single sign-on for employees instead of external customers.
Ensure you have an active Azure subscription.
Follow the Microsoft guide to create an Azure B2C tenant. This ensures you have both an Azure account and a tenant subscription.
Use the Microsoft tutorial to register your application in the Azure B2C tenant and set up the redirect URI.
Enter a name for the registered application that clearly reflects its purpose.
Under Supported account types > Who can use this application or access this API?, select the third option: Account in any identity provider...
Add the Redirect URI:
<IdentityServer BaseUrl>/federation/AzureB2C.<CompanyCode>/signin
For example: https://prism-time-accounts.workeasy.net/federation/ab2c.12345/signin
The company code in this example is 12345.
Note: Only the first Redirect URI is used, even if multiple are added.
Changes may take 3–5 minutes to take effect.
In Manage > Authentication > Implicit grant and hybrid flows, select ID tokens.
In Manage > Certificates & secrets > Client secrets, click + New client secret to generate a new secret.
Enter a description, select an expiration date (default: 6 months), and save. Copy the new secret and store it securely.
Create a new user flow following Microsoft's instructions.
Select Sign up and sign in for the flow type.
Name the flow using the format <TenantName>_signinandup.
Select Email signup and make all other required selections.
Make all other selections as shown here.
Go to User flows and select the tenant you created. Select the user attributes: Country/Region, Email Address, Given Name, Surname, User is new, and User's Object ID.
In Settings > Properties, enable Self-service password reset.
If needed, add a new Azure AD B2C user via Home > Azure AD B2C > Users.
Ensure users exist in both Azure AD B2C and WorkEasy with matching email addresses.
Copy the Domain name.
Copy the Application (client) ID and Directory (tenant) ID.
Send the following to WorkEasy Software:
CompanyCode: Company code
AB2C_TenantCode: Tenant name from earlier
AB2C_TenantId: Directory (tenant) ID
AB2C_ClientId: Application (client) ID
AB2C_ClientSecret: Secret from earlier step
@AB2C_UserFlowName: Flow name from earlier
@AB2C_DomainName: Domain name copied earlier
After WorkEasy Software have registered the application for SSO, perform a login test using: https://accounts.workeasysoftware.com/Account/login?urltoken=<CompanyCode>
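A pre-flight check for the values listed above, run before they are sent (an added example, not WorkEasy or Microsoft code). The function name, the dictionary keys without the "@" prefix, the 30-day warning window and the sample tenant values are assumptions; the provider segment is accepted as either AzureB2C or ab2c because the page shows both forms.

```python
import re
from datetime import date, timedelta
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample values; only the redirect URI and company code come from the page.
SAMPLE = {
    "CompanyCode": "12345",
    "AB2C_TenantCode": "contosob2c",
    "AB2C_TenantId": "11111111-2222-3333-4444-555555555555",
    "AB2C_ClientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "AB2C_ClientSecret": "placeholder-secret",
    "AB2C_UserFlowName": "contosob2c_signinandup",
    "AB2C_DomainName": "contosob2c.onmicrosoft.com",
}
SAMPLE_URIS = ["https://prism-time-accounts.workeasy.net/federation/ab2c.12345/signin"]

def check_handoff(values, redirect_uris, secret_expires, today=None, warn_days=30):
    """Return a list of problems; an empty list means the values are consistent."""
    today = today or date.today()
    problems = []
    code = values.get("CompanyCode", "")
    if not code:
        problems.append("CompanyCode is empty")
    for key in ("AB2C_TenantId", "AB2C_ClientId"):
        if not GUID.match(values.get(key, "")):
            problems.append(f"{key} is not a GUID")
    if not values.get("AB2C_ClientSecret"):
        problems.append("AB2C_ClientSecret is empty")
    expected_flow = f"{values.get('AB2C_TenantCode', '')}_signinandup"
    if values.get("AB2C_UserFlowName") != expected_flow:
        problems.append(f"AB2C_UserFlowName should be {expected_flow}")
    domain = values.get("AB2C_DomainName", "")
    if "/" in domain or "." not in domain:
        problems.append("AB2C_DomainName should be a bare host name")
    # Only the first redirect URI is used, so that is the one that must match.
    first = urlsplit(redirect_uris[0]) if redirect_uris else None
    pattern = rf"/federation/(AzureB2C|ab2c)\.{re.escape(code)}/signin"
    if first is None:
        problems.append("no redirect URI registered")
    elif first.scheme != "https" or not re.fullmatch(pattern, first.path):
        problems.append("first redirect URI does not match the WorkEasy pattern")
    # An expired client secret breaks sign-in, so flag it before handing it over.
    if secret_expires <= today:
        problems.append("client secret has expired")
    elif secret_expires - today <= timedelta(days=warn_days):
        problems.append("client secret expires soon")
    return problems
```

Pass the redirect URIs in the order they appear in the app registration, and the expiration date chosen when the client secret was created.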