For Pronestor Planner in the cloud, SSO can be set up through the customer's Azure AD. This requires that Azure Active Directory integration is already set up.
SSO lets users sign in with their existing login credentials, and it lets IT managers ensure that logins and password policies are maintained within their Azure AD.
You must have Azure AD import set up first. See https://helpdesk.pronestor.com/hc/en-us/articles/360000927486-AD-Integration-with-Azure-AD
Each user's login has to be their email address.
Setting up SSO is a two-step process:
1. step requires the customer to allow Pronestor to authenticate towards their Azure AD
2. step requires Pronestor to configure Pronestor Planner to authenticate towards the customer's Azure AD
In the example, an imagined customer, Acme Inc, is provisioned on https://<customer_name>.pronestor.com
They are an Office 365 customer with the domain "acme.com". Their Office 365 account is backed by an underlying Azure Active Directory (Azure AD) instance.
1. STEP - [performed by the customer]
The customer must create a new application in Azure AD.
In this guide, we refer to the customer as acme.com, which should be replaced with the customer's domain.
- Log in to the Windows Azure portal - https://manage.windowsazure.com
- Select “Azure Active Directory” in the left-hand side menu.
- Choose "App registrations"
- Click "+ New application registration"
- In the name field - give your application a name (e.g. Pronestor Planner)
- In application type choose the option "Web app/API"
- Set "Sign-on URL": https://<customer_name>.pronestor.com/Booking.NET/Login.mvc/Login
- Click "Create"
- Choose "Settings"->"Properties"
- Copy text from "Home page URL" to "App ID URI"
- Set "Multi-tenanted" to "No"
- Click "Save"
2. STEP - [performed by Pronestor]
Please ask Pronestor to perform step two. We will need the following information:
- Your customer URL
- Your Azure tenant ID
- A reference to this guide (the link won't work for you) https://helpdesk.pronestor.com/hc/en-us/articles/115003547266
The customer's Azure tenant ID can be obtained from the target domain's publicly accessible "federation metadata":
where <DOMAIN> is replaced with the organization's domain.
The <TENANT_ID> can be read from the "entityID" attribute of the root XML element "EntityDescriptor", e.g.:
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_4cc1521b-fde8-48e5-b641-5365f0854c66" entityID="https://sts.windows.net/<TENANT_ID>/">
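Because Pronestor Planner will be configured to trust whichever tenant ID is handed over, it is worth extracting the value mechanically and checking it rather than copying it by eye. The following is an added example, not part of the original guide or of Pronestor's tooling: it parses a saved copy of the federation metadata, confirms the root element and issuer host match what is shown above, and returns the tenant ID. The function name and the sample tenant ID are made up for illustration.

```python
import re
import uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
EXPECTED_ISSUER_HOST = "sts.windows.net"  # host shown in the entityID in this guide


def tenant_id_from_metadata(xml_text: str) -> str:
    """Return the tenant ID from the entityID of the root EntityDescriptor."""
    # The metadata comes from a public endpoint; refuse DTDs so that
    # entity-expansion tricks never reach the parser.
    if re.search(r"<!DOCTYPE", xml_text, re.IGNORECASE):
        raise ValueError("DOCTYPE not allowed in federation metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML_MD_NS}}}EntityDescriptor":
        raise ValueError(f"unexpected root element: {root.tag}")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("entityID attribute missing")
    url = urlparse(entity_id)
    # Exact host match: a look-alike such as sts.windows.net.example.org fails.
    if url.scheme != "https" or url.hostname != EXPECTED_ISSUER_HOST:
        raise ValueError(f"unexpected issuer: {entity_id}")
    segments = [s for s in url.path.split("/") if s]
    if len(segments) != 1:
        raise ValueError(f"unexpected entityID path: {url.path}")
    # Azure AD tenant IDs are GUIDs; uuid.UUID raises ValueError otherwise.
    return str(uuid.UUID(segments[0]))


# Constructed sample: the root element shown above with a made-up tenant ID.
SAMPLE = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'ID="_4cc1521b-fde8-48e5-b641-5365f0854c66" '
    'entityID="https://sts.windows.net/11111111-2222-3333-4444-555555555555/">'
    "</EntityDescriptor>"
)

if __name__ == "__main__":
    print(tenant_id_from_metadata(SAMPLE))
```
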