Setting up single sign on with Microsoft

Changing your Projectworks environment to using SSO is an easy process that your administrator can perform.

This article covers:

 

The process for setting up Single sign on is straight forward.

Initially your environment will be set up to be able to operate in a hybrid mode, where you can specify which users login with SSO and which users can login using the “standard Projectworks credentials”.

The person performing the first part of the process will need to: 

  • have access to the Projectworks admin section (Single Sign On)
  • know your Azure AD Global Admin credentials

    Setting up SSO

    The setup is performed in admin > integrations > single sign on

    Click the Go to Microsoft to enable SSO button and login with your Azure AD Global Admin credentials

    SSO - 2 connect

    This process of enabling SSO will:

    • install the Projectworks SSO app registration into your Active Directory
    • allow the Global Admin to grant consent for Projectworks to read your user profile information from Azure AD and for your users to login to Projectworks

       

      Once done, Projectworks and your Azure AD are now connected! Your next step is to decide whether the default login method will be:

      • Standard login (using email and password set in Projectworks)
      • SSO (using your Microsoft credentials)

      You can still manually disable SSO for specific users if required, and the Projectworks administrator can disable SSO at anytime which will revert all users to standard login mode.

       

      NOTE:

      Once you have successfully done this step you will be logged in as the Azure AD Global Admin account.

      You can switch your Projectworks user account as SSO enabled first, then close your browser to clear the Microsoft authentication session/cookie).

      Open up browser and login to Projectworks with "your" account – using your Microsoft online credentials.

      Enabling SSO for Projectworks users

      While operating in hybrid mode you will need to specify which users are logging in using SSO. You specify that on the admin > users screen.

      The action menu (three dots) to the right of each user will have the option to “Enable SSO”. Simply select that to change that user to need to log in using their Microsoft online credentials.

      SSO - 4 enable users

      Once a person is set as SSO enabled they can only login using their Microsoft online credentials. Any user access policies (eg MFA) you have set up will apply to users logging in to Projectworks.

      Once logged into Projectworks what a user can access within the application is controlled by the access level they have been assigned in Projectworks.