Setting up Single Sign-on (SSO) with Microsoft Entra ID

Changing your Projectworks environment to use SSO is an easy process that your administrator can perform.

Initially your environment will be set up to be able to operate in a hybrid mode, where you can specify which users login with SSO and which users can login using the “standard Projectworks credentials”.

The person performing the first part of the process will need to: 

  • have access to the Projectworks admin section (Single Sign On)
  • know your Microsoft Entra ID Global Admin credentials

    Setting up SSO

    The setup is performed in admin > integrations > single sign on

    Click the Go to Microsoft to enable SSO button and login with your Microsoft Entra ID Global Admin credentials

    SSO - 2 connect

    This process of enabling SSO will:

    • install the Projectworks SSO app registration into your Active Directory
    • allow the Global Admin to grant consent for Projectworks to read your user profile information from Azure AD and for your users to login to Projectworks

       

      Once done, Projectworks and your Microsoft Entra ID are now connected! Your next step is to decide whether the default login method will be:

      • Standard login (using email and password set in Projectworks)
      • SSO (using your Microsoft credentials)

      You can still manually disable SSO for specific users if required, and the Projectworks administrator can disable SSO at anytime which will revert all users to standard login mode.

       

      NOTE:

      Once you have successfully done this step you will be logged in as the Microsoft Entra ID Global Admin account.

      You can switch your Projectworks user account as SSO enabled first, then close your browser to clear the Microsoft authentication session/cookie).

      Open up browser and login to Projectworks with "your" account – using your Microsoft online credentials.

      Enabling SSO for Projectworks users

      While operating in hybrid mode you will need to specify which users are logging in using SSO. You specify that n a couple of places:

      • People list screens (All People, People by Access)

        • The action menu (3 dots) to the right of each user will have the option to “Enable SSO”. Simply select that to change that user to need to log in using their Microsoft online credentials.

      • Person > Settings > General

        • Navigate to, or search for the person and go to their Settings tab where you can see an Enable SSO link.

      Once a person is set as SSO enabled they can only login using their Microsoft online credentials. Any user access policies (eg MFA) you have set up will no longer apply to these SSO enabled users. 

       


      Does your organisation have multiple active directories?

      A Projectworks environment is only able to be connected to one Microsoft Entra ID at a time.

      However if your organisation has more than one active directory there are options available for you (all handled within Microsoft Entra ID - not Projectworks).

      You are able to add a person as a guest within the Microsoft Entra ID you have connected Projectworks to. This will allow that person/account to use SSO and the login with Microsoft option do access Projectworks.