Azure SSO

How to Integrate Azure AD B2C with the WorkEasy Platform


  1. Refer to How to Integrate Azure SSO Customers with WorkEasy Software.
  2. Refer to the Microsoft Azure documentation to create an Azure B2C tenant. This ensures that the customer has an Azure subscription and a tenant.
  3. Refer to the Microsoft tutorial to register the application in the Azure B2C tenant and configure the redirect URI.
    1. Enter a name for the registered application that reflects its purpose.
    2. Under Supported account types > Who can use this application or access this API?, select the third radio button Account in any identity provider...
    3. Use the following Redirect URI:
      <IdentityServer BaseUrl>/federation/AzureB2C.<CompanyCode>/signin
      such as
      https://prism-time-accounts.workeasy.net/federation/ab2c.12345/signin
      The customer company code is 12345.
    4. Good to know:
      - Although multiple Redirect URIs can be added, only the first one is utilized.
      - Changes may take 3–5 minutes to take effect.
  4. Next, go to Manage > Authentication and, in the Implicit grant and hybrid flows section, select ID tokens (used for implicit and hybrid flows).
  5. In Manage > Certificates & secrets > Client secrets, click + New client secret to generate a new client secret.
  6. Enter a Client secret Description and select an expiration date, which is set to 6 months by default. Copy the newly created secret and store it in a secure location, as it will be used later.
  7. Next, create a new user flow by following Microsoft's instructions.
  8. Under Policies, on the left menu, select User flows.
  9. Click + New user flow.
  10. Go to Home > Azure AD B2C > User flows > Create a user flow page, select Sign up and sign in.
  11. On the Create page, enter the Name with the default naming convention <TenantName>_signinandup.
  12. Select Email signup.
  13. Make all the other selections as shown here.
  14. Go to User flows and select the tenant you created.
  15. Select the checkboxes Country/Region, Email Address, Given Name, Surname, User is new, User's Object ID.
  16. Go to Settings > Properties and select the Self-service password reset checkbox in the Password configuration section.
  17. If necessary, add a new Azure AD B2C user by going to Home > Azure AD B2C > Users.
  18. Ensure users exist in both Azure B2C and the WorkEasy platform with matching email addresses.
  19. Copy the Domain name.
  20. Copy the Application (client) ID, and Directory (tenant) ID from Azure B2C.
  21. Provide the necessary details such as company code, tenant code, tenant ID, client ID, client secret, user flow name, and domain name to WorkEasy Software.
    Send the required information to WorkEasy Software to register the application.
    The data required is:
    1. EWF CompanyCode: Company Code in WorkEasy Software
    2. AB2C_TenantCode: Use the TenantName from Step 1 (in this example: ‘ewftestorg’)
    3. AB2C_TenantId: Directory (Tenant) ID from Step 5.
    4. AB2C_ClientId: Application (Client) ID from Step 5.
    5. AB2C_ClientSecret: EWF IdentityServer Secret copied in Step 3.
    6. @AB2C_UserFlowName: Use the flow Name from Step 4 (in this example: ‘B2C_1_ewftestorg_signinandup’)
    7. @AB2C_DomainName (in this example: ‘ewftestorg.onmicrosoft.com’)
  22. Register the application for SSO and test the login process using the customer-specific URL for Azure B2C. The URL format is as follows:

    https://accounts.workeasysoftware.com/Account/login?urltoken=<CompanyCode>

  23. Click under the Sign In button where it says Or Sign in with: Azure B2C. The application will redirect you to Azure to perform the Single Sign-On (SSO).

You're done! 🙂👍
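
A pre-submission check for the values listed in step 21, as an added example that is not part of the WorkEasy documentation: it catches a client secret field that holds the Secret ID instead of the secret Value, builds the redirect URI in the format shown in step 3, and derives the user flow's OpenID Connect metadata URL. The dictionary key names, the `AzureB2C` scheme segment default, and the rule that the domain name equals `<TenantCode>.onmicrosoft.com` (taken from the page's example) are assumptions; the GUIDs and secret are constructed.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def redirect_uri(base_url, company_code, scheme="AzureB2C"):
    """Build the redirect URI in the format given in step 3."""
    return f"{base_url.rstrip('/')}/federation/{scheme}.{company_code}/signin"

def discovery_url(tenant_code, domain_name, user_flow):
    """OpenID Connect metadata endpoint of the B2C user flow."""
    return (f"https://{tenant_code}.b2clogin.com/{domain_name}/"
            f"{user_flow}/v2.0/.well-known/openid-configuration")

def check_handoff(v, base_url):
    """Return a list of problems; the secret itself is never echoed."""
    problems = []
    for key in ("AB2C_TenantId", "AB2C_ClientId"):
        if not GUID.match(v.get(key, "")):
            problems.append(f"{key} is not a GUID")
    secret = v.get("AB2C_ClientSecret", "")
    if not secret:
        problems.append("AB2C_ClientSecret is empty")
    elif GUID.match(secret):  # the portal shows a GUID "Secret ID" next to the Value
        problems.append("AB2C_ClientSecret looks like the Secret ID, not the Value")
    if v.get("AB2C_DomainName") != f"{v.get('AB2C_TenantCode')}.onmicrosoft.com":
        problems.append("AB2C_DomainName does not match AB2C_TenantCode")
    if not v.get("AB2C_UserFlowName", "").startswith("B2C_1_"):
        problems.append("AB2C_UserFlowName lacks the B2C_1_ prefix")
    if urlparse(base_url).scheme != "https":
        problems.append("redirect URI base is not https")
    return problems

# Constructed sample values (tenant names follow the page's example).
SAMPLE = {
    "CompanyCode": "12345",
    "AB2C_TenantCode": "ewftestorg",
    "AB2C_TenantId": "11111111-2222-3333-4444-555555555555",
    "AB2C_ClientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "AB2C_ClientSecret": "constructed-secret-value",
    "AB2C_UserFlowName": "B2C_1_ewftestorg_signinandup",
    "AB2C_DomainName": "ewftestorg.onmicrosoft.com",
}
BASE = "https://prism-time-accounts.workeasy.net"

if __name__ == "__main__":
    print(check_handoff(SAMPLE, BASE) or "ok")
    print(redirect_uri(BASE, SAMPLE["CompanyCode"]))
```

Opening the URL returned by `discovery_url` in a browser should return a JSON document once the user flow exists; run the check before sending the values so the secret is only transmitted once, over a secure channel.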