If you use Office 365 and Azure AD for user authentication, you can complete the setup below to allow login to Brevity using delegated authentication via Azure AD. This ensures that any policies configured for your users (e.g. MFA) are enforced during login. It also ensures that user access can be controlled from a centralised directory, i.e. when a user leaves, their Azure AD account can be blocked to stop them logging into Brevity.
Note: This feature is only available within the Enterprise version of Brevity.
Configure app in Azure AD for single sign on
Within your Azure Portal, navigate to Azure Active Directory, then select App Registrations on the left menu, or access it via the URL below.
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
Click the + New Registration button to create a new app.
Enter a display name, choose the option as shown in the image on the right, and add the redirect URL as below:
https://auth.brevity.com.au/Account/Office365Callbackoffice365
Click Register to create the app.
You will also need to create a Client secret key that will allow Brevity to communicate with your app. This can be done via the Client credentials section, as per the screenshot on the right.
Click the + New client secret button to generate a new secret key. Enter a description and select the required expiry timeframe, then click the Add button to create the key. Copy the value of the key - this will need to be added to Brevity later.
You will also need to set up Token configuration. This defines the information returned to Brevity after a successful login, which Brevity uses to complete the authentication. This can be done via the Token configuration menu item on the left, then by clicking the + Add optional claim button at the top of the screen.
You should then select the options as shown on the right and click Add. These will be returned to Brevity after successful login to your Azure AD.
You can now return to your Brevity instance to complete the setup. Within Brevity, click on your account name in the top right and select the Settings option on the popup. Then select the Integration tab on the new screen.
On the Integration tab you can click the Map button next to the Enable single sign on using Office 365 option.
Here you should enter the Client ID and Client Secret from your Azure AD app. You should also enter your Tenant details.
Optionally you can restrict login from certain domains if you have multiple domains within your tenant.
Click Save to complete the mapping. Be sure to test the login from another browser to ensure all is working as expected.
Once the Enable single sign on using Office 365 option has been configured, you will see a new login button on the Brevity login screen that allows you to log in using your Azure AD / Office 365 user account. Users with usernames or email addresses in Brevity that match those in Azure AD, and that have been set up with user roles, will be able to log in using this option.
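The checks described above (tenant mapping, optional domain restriction, and matching a Brevity user that has roles) can be reasoned about as the following decision logic. This is an added illustration, not Brevity's own code: the function and class names, the claims read (`tid`, `preferred_username`, `email`) and all sample values are assumptions, and the token is assumed to have already passed signature validation.

```python
# Added illustration only; not Brevity's implementation. All names are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class SsoMapping:
    tenant_id: str              # tenant entered on the Integration tab
    allowed_domains: frozenset  # empty set means no domain restriction


def check_login(claims, mapping, local_users):
    """Return (allowed, reason) for already signature-verified ID token claims.

    local_users maps a lower-cased username/email to that user's set of roles.
    """
    # 1. The token must come from the mapped tenant. Checking this first means a
    #    look-alike address issued by a different tenant is never considered.
    if claims.get("tid", "").lower() != mapping.tenant_id.lower():
        return False, "wrong tenant"

    # 2. Normalise the sign-in name before comparing it with anything.
    name = (claims.get("preferred_username") or claims.get("email") or "")
    name = name.strip().lower()
    local, sep, domain = name.rpartition("@")
    if not sep or not local or not domain:
        return False, "no usable username"

    # 3. Domain restriction: exact match only. A suffix or substring test would
    #    also accept "notexample.com" or "example.com.other.test".
    allowed = {d.lower() for d in mapping.allowed_domains}
    if allowed and domain not in allowed:
        return False, "domain not allowed"

    # 4. The user must already exist locally and have at least one role.
    roles = local_users.get(name)
    if roles is None:
        return False, "no matching user"
    if not roles:
        return False, "user has no roles"
    return True, "ok"


# Constructed sample data (placeholder tenant ID and users).
MAPPING = SsoMapping("11111111-2222-3333-4444-555555555555",
                     frozenset({"example.com"}))
USERS = {"alice@example.com": {"Admin"}, "bob@example.com": set()}
```

Running the same cases against your own test accounts from a separate browser session is a quick way to confirm that a user outside the allowed domains, or without roles, is refused.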