If you have an account registered on one of these XpressDox Cloud instances, then follow these instructions to configure SSO for your Cloud Account:
- After logging in to your instance of Azure AD, go to your Active Directory and click on the Enterprise applications.
- Add a new application; search for XpressDox in the gallery and add it to your list of Enterprise applications.
- Click the ‘Sign In or Register with Microsoft’ button on the XpressDox login page. You will be redirected to Azure AD and will go through the authentication process, after which you will return to XpressDox. One of the following two scenarios will apply:
– a new account will be created if you do not already have an existing XpressDox account. You will be assigned as an Administrator to this account; or
– if you already have an XpressDox account, it will be linked to your Tenant in Azure AD and you be logged in immediately. Only XpressDox Administrators can link accounts.
In both of the above scenarios, additional users will be added to the XpressDox account, when they login to XpressDox for the first time, if those users are already in the Azure AD Tenant.
- The Application in Azure AD can configured as necessary. Please note the following two settings:
If “Assignment required” is set to “Yes” then all users who require access to XpressDox must first be allocated in Azure. If it is turned off, then any user can access XpressDox. If they do so, they will be created as a user and automatically be assigned the role of Template Runner. The role can be changed in either Azure or in XpressDox.
- User access to XpressDox as well as their role within XpressDox can be managed / configured in Azure AD e.g. File / Account Administrator, Shared Interview User or Template Runner.
There are some settings to note in XpressDox:
– The Tenant ID is populated the moment the account is created. It is a read-only field.
– There is a ‘Force Azure AD login only’ checkbox which can be switched on and off. Switching it on prevents users from logging in using any method other than Azure AD. Switching it off allows both methods; logging in using XpressDox credentials or logging in via Azure AD SSO.