Manual setup of SSO

Quick reference:
Settings -> Single sign-on

Introduction

This article explains how to set up SSO manually for your Workspace environment. We recommend using the automatic setup for SSO where possible. Be sure to use the Primary Administrator account for the setup.

 

Step 1. Enable SSO manually in Workspace

To set up SSO manually, go to:

  • Workspace admin settings.
  • Select Single sign-on.
  • Set the Single sign-on type to OAuth2.
  • Choose Manual setup.

  • The Authority is "https://login.windows.net/" followed by the Primary domain of your tenant (e.g. "workspace365.onmicrosoft.com"). You can find the Primary domain in Azure AD on the Overview tab (Basic information).

    Example: "https://login.windows.net/workspace365.onmicrosoft.com"

  • The Client ID can be retrieved from the SSO App registration (Overview) in Azure AD.

    • You must first create a new App registration, however, by clicking on "New registration".
    • Choose a name, e.g. "Workspace 365 SSO".
    • For Supported account types, choose: "Accounts in this organizational directory only (workspace365inc only - Single tenant)".
    • Under Redirect URI, choose Web. The URL should have the following format:  "https://instance.workspace365.net/environment/OAuth2/HandleAuthorityResponse".
    • Click on Register.

  • The Key can be retrieved under Client secrets. You must first create a new Client secret.

    • Once the App registration has been created in Azure AD, under Certificates & Secrets, click on New client secret.
    • Fill in a Description and set the expiry date.
    • Click on Add.
    • Copy the Value. This value will be hidden once you leave this page.
    • Under Key in the Workspace SSO setup, paste this value. 

  • Click on Verify. 
  • If verification succeeds, a green "verification succeeded" screen pops up. If so, check the checkbox "I have seen the GREEN screen telling the verification was successful".
  • Then, click on Done.
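
A pre-flight format check for the four values entered in Step 1, as an added example (not Workspace 365 or Microsoft code). The function name and the sample client ID and key are constructed; treating a GUID-shaped Key as a copied Secret ID rather than the secret's Value is an assumption about a common paste mistake.

```python
import re
from urllib.parse import urlsplit

AUTHORITY_PREFIX = "https://login.windows.net/"        # prefix given in the article
REDIRECT_SUFFIX = "/OAuth2/HandleAuthorityResponse"    # path suffix given in the article
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}")


def check_sso_values(authority, client_id, key, redirect_uri):
    """Return the names of malformed fields; an empty list means all are well-formed."""
    problems = []

    # Authority: the fixed prefix followed by the tenant's Primary domain only.
    tenant = authority[len(AUTHORITY_PREFIX):]
    if not authority.startswith(AUTHORITY_PREFIX) or not DOMAIN.fullmatch(tenant):
        problems.append("authority")

    # Client ID: the ID shown on the App registration Overview is a GUID.
    if not GUID.fullmatch(client_id):
        problems.append("client_id")

    # Key: must be the secret's Value. Assumption: a GUID here means the
    # Secret ID was copied instead; stray whitespace means a bad paste.
    if not key or key != key.strip() or GUID.fullmatch(key):
        problems.append("key")

    # Redirect URI: HTTPS, a host, no credentials, query or fragment,
    # and the handler path from the article.
    u = urlsplit(redirect_uri)
    if (u.scheme != "https" or not u.hostname or u.username or u.password
            or u.query or u.fragment or not u.path.endswith(REDIRECT_SUFFIX)):
        problems.append("redirect_uri")

    return problems


if __name__ == "__main__":
    # Constructed sample values; the client ID and key are not real.
    print(check_sso_values(
        "https://login.windows.net/workspace365.onmicrosoft.com",
        "11111111-2222-3333-4444-555555555555",
        "constructed-secret-value-not-real",
        "https://instance.workspace365.net/environment/OAuth2/HandleAuthorityResponse",
    ))
```

The check only validates format; the Verify button in Workspace remains the test that the values actually work against the tenant.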

 

Step 2. Adding API permissions to the SSO App Registration in Azure

Once the manual SSO setup has been successfully verified, you can add the API permissions to your SSO App registration in Azure AD. In the example below, we will add permissions for Exchange, SharePoint (Microsoft Graph) and Power BI (Power BI Service).  

  • Go to the corresponding SSO App Registration.
  • Click on API permissions.
  • Select Add a permission.
  • The following permissions are for SharePoint, Exchange (Microsoft Graph) and Power BI (Power BI Service).

  • You can add permissions by clicking on Add a permission. If needed, you can update, change or apply the consent in Azure AD at any time later on.
  • Don't forget to Grant admin consent once you're done. A green checkmark indicates that admin consent has been granted. This is very important. Without admin consent, Workspace does not have permissions to retrieve the data from Azure.
