Tutorial Videos

Tutorial videos are available here.

Knowledge Base

Visit our User Forum for discussions & solutions

Configuring SSO or SharePoint Integration – self hosted servers only

NOTE: Reference this article if you are setting up SSO or if you are setting up SharePoint integration, and your XpressDox is self-hosted.

In a self-hosted environment you need to register XpressDox in your Microsoft Azure Tenant.

1. In Microsoft Azure AD, click on App registrations and then on New registration:


  2. Next, give your application a name. Select the first radio button (Accounts in this organizational directory only). Select Web from the drop list, and provide a URI. Then click Register.


  3. The Application will be registered and you will be taken to a page which looks like this:


  4. Additional redirect URI’s can be added on the Authentication page e.g. your UAT instance.5

For SharePoint integration, add this redirect URL:


  5. Next click on Certificates & secrets, then on the Client secrets tab, and on New client secret. Add a Description, an expiry and click Add.


  6. Copy the Client key and secret as you will use them later

For SSO the Client key and secret will be stored in the web.config file.
For SharePoint integration the Client key and secret will be used when setting up a Foreign File System.


  7. You’re also going to need the Application (client) ID, and the Directory (tenant) ID from the Overview screen. Copy both of those and store them somewhere.

To continue setting up SharePoint integration, click here.

The remainder of this article pertains only to SSO:

  8. All 3 of those values are required in the web.config file:

Be sure to set AzureAD:Enabled (shown as line 86 in the image above) to true. Note that by default in the web.config it is set to false.



  9. The following API permission will have been automatically added, you just need to grant admin consent.


  10. Lastly, add XpressDox roles to the App roles screen as indicated below:


  For ease of reference, the text of that table has been provided here:

Template Runner Assigns the user as a Template Runner in the XpressDox Application. TemplateRunner
File Administrator Assigns the user as a File Administrator in the XpressDox Application. FileAdministrator
Account Administrator Assigns the user as an Administrator in the XpressDox Application. AccountAdministrator
Shared Interview User Assigns the user as a Shared Interview user in the XpressDox Application. XddsUser


11. Now that the application has been registered in your Azure AD, to further configure user access to XpressDox via SSO, follow the steps below:


12. Click on Enterprise Applications,  and then on XpressDox Cloud in the list presented.


13. Go to Properties. Please note the following two settings:


14. User access to XpressDox as well as their role within XpressDox can be managed / configured in Azure AD e.g. File / Account Administrator or Template Runner.


15. There are some settings to note in XpressDox: – The Tenant ID is populated the moment the account is created. It is a read-only field. – There is a ‘Force Azure AD login only’ checkbox which can be switched on and off. Switching it on prevents users from logging in using any method other than Azure AD. Switching it off allows both methods; logging in using XpressDox credentials or logging in via Azure AD SSO.