In a self-hosted environment you need to register XpressDox in your Microsoft Azure Tenant.
- In Microsoft Azure AD, click on App registrations and then on New registration:
- Next, give your application a name. Select the first radio button (Accounts in this organizational directory only). Select Web from the drop-down list, and provide a redirect URI. Then click Register.
- The Application will be registered and you will be taken to a page which looks like this:
- Additional redirect URIs can be added on the Authentication page, e.g. for your UAT instance.
- Next click on Certificates & secrets, then on the Client secrets tab, and on New client secret. Add a Description, an expiry and click Add.
- Copy the Client key and secret as you will use them later.
The Client key and secret will be stored in the web.config file.
- You’re also going to need the Application (client) ID, and the Directory (tenant) ID from the Overview screen. Copy both of those and store them somewhere.
- All 3 of those values are required in the web.config file:
Be sure to set AzureAD:Enabled (shown as line 86 in the image above) to true. Note that by default in the web.config it is set to false.
- Ensure that the following permissions have been added for your organization (pictured below as Coleso Legal Technologies), and then click “Grant admin consent”.
- Lastly, add XpressDox roles to the App roles screen as indicated below:
For ease of reference, the text of that table has been provided here:

| Display name | Description | Value |
| --- | --- | --- |
| Template Runner | Assigns the user as a Template Runner in the XpressDox Application. | TemplateRunner |
| File Administrator | Assigns the user as a File Administrator in the XpressDox Application. | FileAdministrator |
| Account Administrator | Assigns the user as an Administrator in the XpressDox Application. | AccountAdministrator |
| Shared Interview User | Assigns the user as a Shared Interview user in the XpressDox Application. | XddsUser |
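
The same four roles can be expressed as an `appRoles` array for the app registration's manifest instead of being typed into the App roles screen one by one. The script below is an added example, not XpressDox's own code; it builds that array from the table, gives each role its own GUID, and rejects role values that contain whitespace or repeat. Setting `allowedMemberTypes` to `User` is an assumption based on the role descriptions.

```python
import json
import uuid

# Rows copied from the table above: (display name, description, value).
XPRESSDOX_ROLES = [
    ("Template Runner",
     "Assigns the user as a Template Runner in the XpressDox Application.",
     "TemplateRunner"),
    ("File Administrator",
     "Assigns the user as a File Administrator in the XpressDox Application.",
     "FileAdministrator"),
    ("Account Administrator",
     "Assigns the user as an Administrator in the XpressDox Application.",
     "AccountAdministrator"),
    ("Shared Interview User",
     "Assigns the user as a Shared Interview user in the XpressDox Application.",
     "XddsUser"),
]


def build_app_roles(rows, id_factory=uuid.uuid4):
    """Return appRoles manifest entries, one per (name, description, value) row."""
    seen = set()
    roles = []
    for display_name, description, value in rows:
        # The value is the string Azure AD emits in the token's "roles" claim,
        # so a stray space or a duplicate would silently break role mapping.
        if not value or any(ch.isspace() for ch in value):
            raise ValueError(f"invalid role value: {value!r}")
        if value in seen:
            raise ValueError(f"duplicate role value: {value!r}")
        seen.add(value)
        roles.append({
            "allowedMemberTypes": ["User"],  # assumption: assigned to users/groups
            "description": description,
            "displayName": display_name,
            "id": str(id_factory()),         # every role needs a unique GUID
            "isEnabled": True,
            "value": value,
        })
    return roles


if __name__ == "__main__":
    print(json.dumps(build_app_roles(XPRESSDOX_ROLES), indent=2))
```

The printed array goes under the `appRoles` property on the app registration's Manifest page.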
- Now that the application has been registered in your Azure AD, to further configure user access to XpressDox via SSO, follow the steps below:
- Click on Enterprise Applications, and then on XpressDox Cloud in the list presented.
- Go to Properties. Please note the following two settings:
- User access to XpressDox, as well as each user's role within XpressDox (e.g. File Administrator, Account Administrator or Template Runner), can be managed in Azure AD.
- There are some settings to note in XpressDox (Manage>Account>Show More):
- The Tenant ID is populated the moment the account is created. It is a read-only field.
- There is an ‘Only Allow SSO Login’ checkbox which can be switched on and off. Switching it on forces users through the SSO login method. Switching it off allows both methods: logging in using XpressDox credentials or logging in via Azure AD SSO.