Configuring SSO using Azure AD for your XpressDox Cloud Account

If you want to register a cloud account at one of these XpressDox Cloud instances, or perhaps you already have one registered then these are the instructions to follow when configuring SSO.

If you want to configure SSO against a self-hosted XpressDox instance, then the instructions you need are here.

1. Go to your chosen XpressDox instance e.g. https://au14.xpressdox.com
2. If you already have an account registered, please ensure that you proceed as a user who is already registered on the XpressDox account. If not, a second XpressDox account will be registered.
3. Click the ‘Sign In or Register with Microsoft’ button on the XpressDox login page.

4. You will be redirected to Azure AD and will go through the authentication process, after which you will return to XpressDox. One of the following two scenarios will apply:
   – a new account will be created if you do not already have an existing XpressDox account. You will be assigned as an Administrator to this account; or
   – if you already have an XpressDox account, it will be linked to your Tenant in Azure AD and you will be logged in immediately. Only XpressDox Administrators can link accounts.

In both of the above scenarios, additional users will be added to the XpressDox account when they login to XpressDox for the first time, if those users are already in the Azure AD Tenant.

5. The Application in Azure AD can be configured as necessary. Please note the following two settings:

If “Assignment required” is set to “Yes” then all users who require access to XpressDox must first be allocated in Azure. If it is turned off, then any user can access XpressDox by clicking on the ‘Sign In or Register with Microsoft’ button on the XpressDox login page. If they do so, they will be created as a user and automatically be assigned the role of Template Runner. This role can be changed in either Azure or in XpressDox.

6. User access to XpressDox as well as their role within XpressDox can be managed / configured in Azure AD e.g. File / Account Administrator, Shared Interview User or Template Runner.

Settings in XpressDox

In your XpressDox account, you can access your Account Settings (Manage>Account>Show More)

Here you will see that your Tenant ID has been populated automatically. It is a read-only field.

There is also ‘Force Azure AD login only’ checkbox. This is an optional setting which restricts users to logging in via SSO only. Switching it off allows both methods; logging in using XpressDox credentials or logging in via Azure AD SSO.