This article is intended for use in an On-Prem/Self-Hosted XpressDox Server environment. If you need help configuring SSO for your XpressDox Cloud Account, click here.
In a self-hosted environment you need to register XpressDox in your Microsoft Azure Tenant.
1. In Microsoft Azure AD, click on App registrations and then on New registration:
2. Next, give your application a name. Select the first radio button (Accounts in this organizational directory only). Select Web from the drop-down list, and provide a redirect URI. Then click Register.
3. The Application will be registered and you will be taken to a page which looks like this:
4. Additional redirect URIs can be added on the Authentication page, e.g. for your UAT instance.
5. Next click on Certificates & secrets, then on the Client secrets tab, and on New client secret. Add a Description, an expiry and click Add.
6. Once generated, it is important to copy and store the Value somewhere. It will be used in XpressDox in the web.config file.
7. You’re also going to need the Application (client) ID, and the Directory (tenant) ID from the Overview screen. Copy both of those and store them somewhere.
8. All 3 of those values are required in the web.config file:
9. The following API permission will have been added automatically; you just need to grant admin consent.
10. Lastly, add XpressDox roles to the App roles screen as indicated below:
For ease of reference, the text of that table has been provided here:
|Display name|Description|Value|
|---|---|---|
|Template Runner|Assigns the user as a Template Runner in the XpressDox Application.|TemplateRunner|
|File Administrator|Assigns the user as a File Administrator in the XpressDox Application.|FileAdministrator|
|Account Administrator|Assigns the user as an Administrator in the XpressDox Application.|AccountAdministrator|
|Shared Interview User|Assigns the user as a Shared Interview user in the XpressDox Application.|XddsUser|
11. Now that the application has been registered in your Azure AD, to further configure user access to XpressDox via SSO, follow the steps below:
12. Click on Enterprise Applications, and then on XpressDox Cloud in the list presented.
13. Go to Properties. Please note the following two settings:
14. User access to XpressDox, as well as each user's role within XpressDox (e.g. File / Account Administrator or Template Runner), can be managed in Azure AD.
15. There are some settings to note in XpressDox:
– The Tenant ID is populated the moment the account is created. It is a read-only field.
– There is a ‘Force Azure AD login only’ checkbox which can be switched on and off. Switching it on prevents users from logging in using any method other than Azure AD. Switching it off allows both methods: logging in using XpressDox credentials or logging in via Azure AD SSO.
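One way to confirm that a user assignment produces the expected token contents is to inspect the claims of an ID token issued for the registered application and compare them with the Directory (tenant) ID, the Application (client) ID and the role values from the table above. The following is an added example, not XpressDox code or part of the original article; the IDs are placeholders, the sample token is constructed and unsigned, and the helper only reads claims for troubleshooting (signature validation remains the job of the application's OpenID Connect library).

```python
import base64
import json
import time

# Role values from the App roles table on this page.
XPRESSDOX_ROLES = {"TemplateRunner", "FileAdministrator", "AccountAdministrator", "XddsUser"}
# Placeholders (constructed): substitute the IDs copied from the Overview screen.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"

def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_claims(jwt):
    """Return the JWT payload WITHOUT verifying the signature (troubleshooting only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    return json.loads(b64url_decode(parts[1]))

def check_claims(claims, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the claims match the setup."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (tenant) ID")
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    roles = claims.get("roles") or []
    if not roles:
        problems.append("no roles claim: user has no app role assigned")
    unknown = sorted(set(roles) - XPRESSDOX_ROLES)
    if unknown:
        problems.append("unrecognised role value(s): " + ", ".join(unknown))
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + "."

if __name__ == "__main__":
    sample = {"tid": TENANT_ID, "aud": CLIENT_ID, "exp": time.time() + 300, "roles": ["Admin"]}
    print(check_claims(decode_claims(make_sample_token(sample)), TENANT_ID, CLIENT_ID))
```

A role value that does not match the Value column exactly (for example a display name such as "File Administrator" entered in place of "FileAdministrator") shows up here as an unrecognised role.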