Single sign-on (SSO) with Microsoft Entra ID
complete
Benedikt Voigt
complete
S
Simon Winkler
Arne Semmler > Is the login via MS account still in any phase that has not been approved? We have been able to do this for a few weeks now. Today we wanted to deactivate the login with password under Settings -> Employees (because for security reasons, from our point of view), but this meant that all logins via Microsoft (which worked before the check mark) no longer worked, but only a “Projo error” was thrown out.
Please let me know when the function can be used. The email addresses at Microsoft correspond 1:1 to those in Projo.
Arne Semmler
Simon Winkler This has definitely been done before and, as far as I know, is also being used by other customers. We would have to check whether this only affects you and may be related to settings (possibly also in AD).
S
Simon Winkler
Arne Semmler Hi Arne,
Last week we had an appointment with your technical support team, where I talked about this, among other things. It seems that on 15.1., we just caught a time window in which the login was generally disrupted - in a joint attempt last week it worked again, I suspect that my request has therefore disappeared into thin air.
Arne Semmler
Simon Winkler Well, then it was this incident. I know him, then it overlapped. Thank you so much!
Arne Semmler
Your Microsoft EntraID has to be registered with the same domain name like the email addresses you are using for login (i.e. if you want to use arne.semmler@projo.berlin your EntraID has to be assigned to the domain projo.berlin). Otherwise login via Microsoft will fail.
Arne Semmler
In the current working setup you've to ensure, that you fill the same email adress into the contact information card in your Entra ID-UserEntry which is used in your projo personal data information:
Arne Semmler
in progress
Arne Semmler
The implementation will work for Microsoft Entra ID, as this is just a name change by Microsoft.
Arne Semmler
planned
E
Edler, Christoph
Arne Semmler Mega!
R
Ruben Hauser
Arne Semmler Nice first step! Do you have an update for SSO vial Okta and Google Workspace? I've opened a suitable canny point for this: https://projo.canny.io/feature-requests/p/sso-via-okta-oder-saml
Arne Semmler
Ruben Hauser Thanks for dividing up the point - did you do the work for me ;-)
Arne Semmler
planned long
R
Ruben Hauser
Arne Semmler: Hi! What is your time horizon for -Planned Long-?
Arne Semmler
Ruben Hauser: That means: We want to have, but we haven't started implementing it yet. In fact, colleagues from technology are currently working on the question of which boundary conditions/frameworks should be defined, just until the end of this quarter (timeframe).
R
Ruben Hauser
Arne Semmler: Danke!
R
Ruben Hauser
Another absolute PRO SSO/SAML/SCIM from me. That must happen! On the one hand, users must be automatically created from the IdP (and also deactivated), and access must be regulated via SSO via the IdP and its MFA policies. Suggestion: Rename the canny point to something that is easier to understand.
E
Edler, Christoph
It's a pity that this point hasn't been liked by many users so far. We use Microsoft Teams a lot at our company, as certainly do many customers, and with a single sign-on, there would already be great potential for seamless teams integration via the website tab. Surely you could do great advertising with that, dear Projo team?
R
Ruben Hauser
Edler, Christoph: I don't understand either. Absolutely important for security reasons. Projo is our only tool where users have to remember an extra password.
Load More
→