Microsoft login (Azure AD Single Sign-On) enables your employees to access Nepton with the standard credentials and security practices of your organization. This guidance describes the necessary configuration steps to enable Microsoft SSO for Nepton in Azure AD. Intended audience is Microsoft Azure AD or Microsoft 365 administrator of your organisation.
Your organization needs to have active Microsoft 365 or Azure AD subscription. Your organization needs to have at least one free Azure AD application registration slot available. All Microsoft 365 customers received at least 10 application registration slots on initial subscription start.
Get two values from Azure AD and save them to Nepton
Get two values (Application id and Secret value) from Azure AD. Instructions here
Go to Employees > Administration
Go to the section Single sign-on (SSO) > Microsoft Azure AD
Fill in the values and save the changes
- Name: The text that appears on the login button (for example: Microsoft login)
- Application Id: Text from Azure AD
- Secret value: Text from Azure AD
- Guidance about fetching these text values can be seen here
- Please take care to use the secret value and not the secret ID
ATTENTION: If secret value has an expiration date, you must before occurrence of such expiration date always create in Azure AD a new secret value and update this secret value to Nepton. This is required for uninterrupted use of the Microsoft logins in Nepton service.
Grant permissions and test
On first Microsoft login, you might need to authorize the SSO app on behalf of the whole organization. If this occurs, a separate popup will be presented to user who first logs in from your organization.
If user is Azure AD administrator, the popup will look like below, and user should accept. Do not press cancel.
If user is normal user, she will be presented with a different popup allowing her to request permission from Azure AD administrator. In this case it’s advisable to separately & directly contact Azure AD administrator of your organization.
Microsoft login will not work before above consent and permissions are granted.