Skip to main content

Pronestor Workspace – Office 365 Single Sign On  

 

Background 

Creating and maintaining user access for Pronestor Workspace in organizations can be made a lot easier by allowing access to be controlled by your Azure AD and using your organization's normal privilege grant flow.  

By setting up Single Sign On with Office 365 and Azure AD, your organization can grant access to your employees without having to also create users in Pronestor Workspace.  

 

Setting up Single Sign On 

Setting up Single Sign On for Pronestor Workspace is easy.  

But before you start, please contact Helpdesk@pronestor.com, so we can set up the reply URL on Pronestors Azure. It won't work without that step.

Prerequisites 

  • Administrator access to your Azure AD 
  • Administrator access to Pronestor Workspace 
  • An Azure AD security group for Pronestor Workspace administrators 
  • An optional Azure AD security group for Pronestor Workspace bookers 

First, you need to contact Pronestor Helpdesk to let them know you would like them to enable Office 365 SSO for your solution. 

Once they have enabled it, you will need to connect your Azure AD to Pronestor Workspace. To be able to do that, you will have to have administrative privileges in both your Azure AD and in Pronestor Workspace. 

 

Setting up the Connection in Workspace

To connect your Azure AD to Pronestor Workspace, you need to go to Admin Settings and chose the Settings menu. You will now see a section called Azure AD Authentication. Press the Connect link to start setting up SSO. 

blobid0.png

You will be asked to begin the Azure AD Admin Consent process. 

blobid1.png

After pressing Begin Onboarding, you will be met by the Azure AD Authentication challenge you already know from other sites such as office.com. Throughout the onboarding process, you will be asked a number of times to authenticate yourself like this. This is because we are asking for permissions to read data from your Azure AD. 

blobid2.png

You will be asked to accept the privileges we ask for.  

These are “Sign in and read user profile”, which we use to authenticate the user and read information displayed in Pronestor Workspace, and “Read all groups”, which is used to allow you to restrict access to Pronestor Workspace based on Azure AD groups. 

The information we read from the user profile is  

  • Full name 
  • E-mail address
  • Avatar
  • AD Groups 

blobid3.png

Once you have given your Administrator consent, we have access to your Azure AD with the privileges shown, and we can finish the setup process.  

You will have to tell us what Azure AD group holds your Pronestor Workspace administrators. You will also be asked if you wish to restrict access from your Azure AD tenant to Pronestor Workspace based an Azure AD group. If you do not restrict booker access to an AD group, all active users in your Azure AD will be allowed to use Pronestor Workspace. 

blobid4.png

After this step is completed, we are able to authenticate users from your Azure AD. The first time a user tries to log into Pronestor Workspace they will have to click the Log In With SSO button and after that they will just be logged in using SSO. 

blobid5.png

 

The SSO integration is not a Synchronization of users. Users will be created when they first log into Pronestor Workspace. When you remove users from your Azure AD, they will no longer be able to log into Pronestor Workspace. 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk