Azure AD/Entra on Cloud Service

Rebranding

Azure AD has been rebranded by Microsoft to "Entra ID". This has no effect on the integration. (https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id)

Azure AD (AAD) integration is available on the standard Smartsign Cloud Service and allows you to auto-provision new users in Smartsign. Read on for instructions on how to integrate your company's AAD with your Smartsign site(s) on the cloud service.

  1. Create security groups in AAD as follows

    | Example name | Purpose | Notes |
    | --- | --- | --- |
    | Smartsign_Access | Permission to login | One group per site if you have multiple and want to differentiate between them |
    | Smartsign_Publisher | Provide user permissions | Determines which user profile the user will get |
    | Smartsign_Admin | Provide user permissions | Determines which user profile the user will get |

    User permission groups

    If you wish to use more than just the standard SiteAdmin and Publisher user profiles, you'll need to create a group for each.

  2. Prepare and send the following information to support@smartsign.se to set up the integration.

    1. Your Customer ID (you can see it in the bottom left corner when you are signed in on the cloud service).
    2. Your Microsoft 365 Tenant ID.
    3. Name and Group object ID for each of the security groups.
  3. Our support will set up the integration and report back so that you can verify that it works.

  4. To be able to log in and use Smartsign, a user must be in one or more access groups and exactly one (1) permission group.

  5. Once verified you can proceed and add your users to the necessary groups in AAD.

  6. The first time a user signs in, they will be prompted to approve the Azure AD login integration. If they are not an Azure AD admin themselves, they can usually request approval from an admin immediately in the dialog. 

    For reference, the Application (client) ID is 9ab97371-ac1c-4f52-b1d9-3476e60637ca

    As an admin you can use the consent link below to add and approve the app in advance.

    In addition to basic login (email, profile, openid), it requires the following permissions.

    | Delegated Permission | Used for | Admin consent required |
    | --- | --- | --- |
    | GroupMember.Read.All | Read which groups the user is a member of | Yes |
    | User.Read | Read user details | No |

Manage resource access using Azure AD (optional)

Access Groups are used to control access to resources, such as screens, media library folders etc, for all non-admin users.

These can either be managed directly in Smartsign or mapped to Azure AD (AAD) groups to control resource access from AAD.

  1. Create or identify the AAD security groups to use for access control in Smartsign.
  2. Find and note the AAD Group Object ID for each.
  3. Create the corresponding groups in Smartsign and input the AAD Group Object ID to connect it to the AAD group.
  4. Assign which resources the group should provide access to.
  5. Done! Users will be automatically added/removed from the groups each login, based on the AAD group memberships.

Auto-provisioning only

AAD integration on Smartsign Cloud only provisions (creates) users with the given permissions. To remove a user's access, the user must be removed manually from the AAD groups as well as from Smartsign Cloud.
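
A pre-flight check for the membership rule in step 4 and for the auto-provisioning caveat above, as an added example that is not Smartsign's own code. The input formats (a group-to-members mapping exported from AAD and a list of user names that exist in Smartsign) and all sample users are assumptions; the group names are the example names from this page.

```python
# Added example; group names follow this page's examples, everything else is constructed.
ACCESS_GROUPS = {"Smartsign_Access"}  # permission to log in (one per site)
PERMISSION_GROUPS = {"Smartsign_Publisher", "Smartsign_Admin"}  # select the user profile


def audit(aad_members, smartsign_users):
    """aad_members: {group name: user names} exported from AAD (assumed format).
    smartsign_users: user names that exist in Smartsign (assumed export).
    Returns {user: [findings]}; users that satisfy every rule are omitted."""
    access, perms = {}, {}
    for group, members in aad_members.items():
        for user in members:
            user = user.strip().lower()  # normalise so one user is not counted twice
            if group in ACCESS_GROUPS:
                access.setdefault(user, set()).add(group)
            elif group in PERMISSION_GROUPS:
                perms.setdefault(user, set()).add(group)

    findings = {}
    for user in sorted(set(access) | set(perms)):
        issues = []
        if user not in access:
            issues.append("no access group")
        count = len(perms.get(user, ()))
        if count != 1:
            issues.append(f"{count} permission groups, exactly 1 required")
        if issues:
            findings[user] = issues

    # Auto-provisioning only: accounts remain in Smartsign after removal from AAD groups.
    for user in sorted({u.strip().lower() for u in smartsign_users}):
        if user not in access and user not in perms:
            findings[user] = ["in Smartsign but in no mapped AAD group, remove manually"]
    return findings


# Constructed sample data.
SAMPLE_AAD = {
    "Smartsign_Access": ["alice@example.com", "bob@example.com", "Carol@example.com"],
    "Smartsign_Publisher": ["alice@example.com", "carol@example.com", "dave@example.com"],
    "Smartsign_Admin": ["carol@example.com"],
}
SAMPLE_SMARTSIGN = ["alice@example.com", "erin@example.com"]

if __name__ == "__main__":
    for user, issues in audit(SAMPLE_AAD, SAMPLE_SMARTSIGN).items():
        print(user, "->", "; ".join(issues))
```

Running it before step 5, and again on a schedule, surfaces users who will fail the login rule and Smartsign accounts that still need manual removal.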