Single Sign-on with Azure AD (Microsoft Entra ID)

Introduction

With Azure AD-based Single Sign-on, users are located in one or more tenants. Each tenant decides which users are granted access to the Softadmin® system, and usually also which rights they get in the system.

Modes

Azure AD Single Sign-on

How it behaves

Users are redirected to the Azure AD portal. If the portal grants them access to the system, then it redirects them back to Softadmin® and an entry in SoftadminApi.User is created or updated based on the information from Azure. Finally, the SingleSignOnLoginProcedure will be called.

When to use

When all users are in Azure AD tenants and you trust the administrators of these tenants.

Azure AD Mixed Single Sign-on

How it behaves

Users can either log in using local Softadmin® accounts or choose Azure AD login. If they choose Azure AD login, they are redirected to the portal. Once a user has successfully logged in using Azure AD, a cookie is saved in their browser, and until that cookie is removed they will be redirected directly to the Azure portal on future visits.

If the portal grants them access to the system, then it redirects them back to Softadmin® and an entry in SoftadminApi.User is created or updated based on the information from Azure. Finally, the SingleSignOnLoginProcedure will be called.

When to use

If you need to grant external users access to the system, we recommend using Azure AD guest users. When that is not possible, you can use Azure AD Mixed Single Sign-on.