For admin - Force login with Microsoft SSO and Group Claims with Azure Active Directory

To help companies comply with security standards, Onix Work lets a company restrict its users' authentication method to Sign in with Microsoft only. In addition, if your company uses Azure Active Directory (hereafter referred to as Azure AD) to manage users, you can enable and configure Group Claims in the Onix Work settings for a more efficient workflow.

IMPORTANT NOTE

  • Only admins of the company can set up the forced login and Group Claims.
  • You MUST have an existing Microsoft Azure Active Directory account.
  • Group Claims only works correctly when users use the Single Sign-On method (Sign in with Microsoft).

1. Force use of Single Sign-on (SSO)

  • Go to the Settings module —> Users & Roles —> Single Sign-On tab.
  • In the General section, choose Edit —> Turn on the Force use of SSO toggle.
    • Current users of your company will only be able to log in with their Microsoft account.
  • If the Group Claims toggle is OFF:
    • Current users’ roles and licenses in Onix Work will not be affected by the settings in Azure AD.
    • New users will not have access to your company.

2. Manage users with Azure Active Directory and Group Claims in Onix Work

IMPORTANT NOTE: Group Claims only works correctly when users use the Single Sign-On method (Sign in with Microsoft).

2.1. Add Onix Work to your Azure portal

  • Open Azure and navigate to the overview page —> Select Enterprise applications.
  • In the All applications section, click on New application —> Search for and select Onix Work.
  • Click Create to add the application to Azure AD.

2.2. Enable Group Claims in Onix Work

  • Go to the Settings module —> Users & Roles —> Single Sign-On tab.
  • Edit the General section —> Paste the company’s Tenant ID from Azure AD —> Turn on the Enable Group Claims toggle.

2.3. Add and manage Group Claims in Onix Work

In the Group Claims management configuration section, you can:

  • Add a new Group Claim:
    • Click the Add button —> In the Group ID field, paste the matching information taken from Azure AD.
    • Fill in other fields with relevant information.

  • Edit and prioritize Group Claims.
    • When logging in, a user is assigned the role and license of the highest matching Group.
    • For example, if they belong to both the 1st and 3rd groups, after logging in with their Microsoft account they will have the role and license of the 1st group.
  • Delete existing Group Claims.
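
The priority rule above, sketched as an added example for admins who want to reason about which role a sign-in will produce; it is not Onix Work's code. It assumes the token was already validated upstream; the rule shape, exception names, GUIDs, roles and licenses are hypothetical or constructed, while `tid`, `groups` and `_claim_names` are claims issued by Azure AD.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupClaimRule:          # hypothetical shape of one Group Claims row
    group_id: str              # Group ID pasted from Azure AD
    role: str
    license: str

class TenantMismatch(Exception): pass
class GroupsNotInToken(Exception): pass

# Constructed sample values, listed in priority order (1st row wins).
TENANT_ID = "11111111-1111-1111-1111-111111111111"
RULES = [
    GroupClaimRule("aaaaaaaa-0000-0000-0000-000000000001", "Admin", "Full"),
    GroupClaimRule("aaaaaaaa-0000-0000-0000-000000000002", "Editor", "Full"),
    GroupClaimRule("aaaaaaaa-0000-0000-0000-000000000003", "Viewer", "Read-only"),
]

def resolve_access(claims: dict, tenant_id: str,
                   rules: list[GroupClaimRule]) -> GroupClaimRule | None:
    """Return the highest-priority rule matching the token's groups, or None.

    `claims` is the payload of a token that has ALREADY passed signature,
    issuer, audience and expiry validation (assumed to happen upstream).
    """
    # Reject tokens issued by any tenant other than the configured one.
    if str(claims.get("tid", "")).lower() != tenant_id.lower():
        raise TenantMismatch("token tenant does not match configured Tenant ID")
    if "groups" not in claims:
        # Overage: too many groups to fit in the token, so it carries a
        # pointer in _claim_names instead of the membership list.
        if "groups" in claims.get("_claim_names", {}):
            raise GroupsNotInToken("group overage: fetch memberships separately")
        return None  # no group information at all: nothing can match
    member_of = {str(g).lower() for g in claims["groups"]}
    for rule in rules:  # list order is the priority order
        if rule.group_id.lower() in member_of:
            return rule
    return None  # member of no configured group
```

A user in very many Azure AD groups is the case to test before turning on forced SSO: their token may omit the `groups` list, and a resolver that treats that as "no groups" would silently deny or downgrade them.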