Single Sign-On (SSO) - Office 365

Embrayse uses Microsoft Azure B2C to provide single sign-on for organisations using Office 365. This ensures users can be managed by the organisation and use their normal work email and password to log in, rather than maintaining separate credentials for Embrayse.

To establish identity federation, you will need to create an App Registration in your Azure Active Directory (Office 365) tenant and provide Embrayse support with corresponding Client Credentials. The following is a guide on creating the App Registration.

  1. Log in to your organization's Azure AD with a global administrator account by navigating to https://portal.azure.com/ and searching for “Azure Active Directory” in the search box.

  2. Select App Registrations on the left navigation panel, then select New registration at the top of the page.



  3. Type in “Embrayse” for name. Leave Account Type as the first option (Accounts in this organizational directory only - Single Tenant) and click Register.



  4. Under the Overview page for the app registration, make note of Application (client) ID. This information will need to be sent to Embrayse to complete the SSO configuration (see Step 12).



  5. Under the Branding page for the app registration, select the Embrayse logo image that is attached at the bottom of this article, and set the Home Page URL to https://food.embrayse.com.



  6. Under the Authentication section, select Add Platform and choose Web from the slide-out panel on the right.



  7. On the next screen, add the following Redirect URI and click Configure: https://embrayseusers.b2clogin.com/embrayseusers.onmicrosoft.com/oauth2/authresp



  8. On the Web platform configuration you just created, add the following Redirect URI: https://food.embrayse.com



  9. Under the Certificates & Secrets section, create a new client secret named Azure B2C with a 24-month expiration.



  10. Copy the Value of the client secret. It’s important that you keep this copy in a secure location, as it will no longer be available on the Azure AD portal once you leave this page. You’ll need to supply Embrayse with this secret. See Step 12.



  11. (Optional) Under the API Permissions section, make sure the User.Read permission is present (this should have been added automatically). We recommend you click the Grant admin consent for button. Doing so saves each end user from having to give consent for their basic user information (name and email) to be accessed by Embrayse, and simplifies their user experience.



  12. Send the Application ID from Step 4 and the credential obtained in Step 10 to support@embrayse.com or your Embrayse contact in a secure manner. You can use a service like https://privnote.com/ to ensure the note is destroyed after use, or send a password-protected Zip file and give us the password via SMS.
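
An added example, not part of the original article or Embrayse's own tooling: a Python check that audits the finished app registration against the settings from Steps 3, 7, 8, 9 and 11. It assumes the registration is available as a Microsoft Graph application object (for example the JSON returned by `az ad app show`); the function name, the 60-day warning window and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Redirect URIs from Steps 7 and 8 of this guide.
EXPECTED_REDIRECTS = {
    "https://embrayseusers.b2clogin.com/embrayseusers.onmicrosoft.com/oauth2/authresp",
    "https://food.embrayse.com",
}
# Well-known Microsoft Graph identifiers (not taken from this article).
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"

def audit_registration(app, now, warn_days=60):
    """Return findings for a Microsoft Graph application object (dict)."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # Step 3: single tenant
        findings.append("account type is not single tenant")
    redirects = set(app.get("web", {}).get("redirectUris", []))
    findings += [f"missing redirect URI: {u}" for u in sorted(EXPECTED_REDIRECTS - redirects)]
    findings += [f"unexpected redirect URI: {u}" for u in sorted(redirects - EXPECTED_REDIRECTS)]
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:  # Step 9: the secret expires, so flag it ahead of time
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"client secret '{name}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{name}' expires within {warn_days} days")
    scopes = {(res.get("resourceAppId"), acc.get("id"))
              for res in app.get("requiredResourceAccess", [])
              for acc in res.get("resourceAccess", []) if acc.get("type") == "Scope"}
    if (GRAPH_APP_ID, USER_READ_SCOPE_ID) not in scopes:  # Step 11
        findings.append("User.Read delegated permission not configured")
    return findings

# Constructed sample registration: one stray redirect URI, secret close to expiry.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": sorted(EXPECTED_REDIRECTS) + ["http://localhost:8080"]},
    "passwordCredentials": [{"displayName": "Azure B2C", "endDateTime": "2026-03-01T00:00:00Z"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": USER_READ_SCOPE_ID, "type": "Scope"}]}],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, now=datetime(2026, 2, 1, tzinfo=timezone.utc)):
        print(finding)
```

Running the check on a schedule gives advance notice before the client secret from Step 9 lapses, which would otherwise break sign-in for every user at once.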