Configure Windows Azure Active Directory Authentication

Introduction

This article guides Seller Admins through configuring Windows Azure Active Directory authentication in the platform. It covers enabling this authentication method and whitelisting the aliases associated with the seller's Microsoft tenant, and it guides global admins and privileged users through the next steps needed to successfully enable the authentication.

NOTE! All partners should submit a support request to validate whether self-service domain whitelisting is a feasible solution for them and whether it can be enabled.


Enable Work email (AAD Account)

Go to "Settings" and choose the sub-section "Authentication Management".
Choose the Identity Provider "Work email (AAD Account)" and select "Save".

The List of Custom Domains

The complete list of the organization's Azure Active Directory custom domain names can be found in the Azure management portal or in the Microsoft 365 Admin Center.

Whitelist the Domain(s)

In the "Settings" -> "Authentication Management" section, select the pencil icon shown beside the "Work email (AAD Account)" selection box.

A pop-up window will appear where you can add any domains you would like to whitelist, separated by commas.

After providing one or more domains and selecting "Save" and "Confirm", the following message is presented:




"Domains to Append" field has the following validation rules:

  • It accepts only domain and subdomain strings in valid formats.
  • If multiple domains are provided and at least one is in an invalid format, none of the domains is accepted, and the following message is returned:
  • A domain can be added to the whitelisted directories only once. If a validly formatted domain is provided on more than one attempt, it is not duplicated in the list, but no error is shown on the screen.
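
A local pre-check that mirrors the three rules above, useful because an appended entry cannot be removed through the platform UI. This is an added example, not the platform's own validation code: the format check (RFC 1123 style labels, at least two labels), the lower-casing and the function names are assumptions, and the sample domains are constructed.

```python
import re

# Assumption: "valid format" is taken to mean an RFC 1123 style hostname with
# at least two labels; the platform's exact rules are not given on this page.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_valid_domain(name: str) -> bool:
    """Accept names such as contoso.com or mail.contoso.com, nothing else."""
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        return False
    # An all-numeric last label means an IP address, not a domain name.
    return not labels[-1].isdigit()


def append_domains(field_value: str, whitelist: list) -> tuple:
    """Return (resulting_whitelist, rejected_entries) for one submission."""
    # Lower-casing is an assumption here; DNS names are case-insensitive.
    entries = [e.strip().lower() for e in field_value.split(",")]
    rejected = [e for e in entries if not is_valid_domain(e)]
    if rejected:
        # Second rule: one invalid entry rejects the whole submission.
        return list(whitelist), rejected
    merged = list(whitelist)
    for entry in entries:
        # Third rule: an already listed domain is skipped without an error.
        if entry not in merged:
            merged.append(entry)
    return merged, []


if __name__ == "__main__":
    # Constructed sample input, not values from the platform.
    current = ["contoso.com"]
    for value in ("contoso.com, mail.contoso.com",
                  "fabrikam.com, https://fabrikam.com",
                  "*.contoso.com"):
        print(repr(value), "->", append_domains(value, current))
```

Entries that carry a scheme, a wildcard, an `@` or an underscore are reported in the second return value, so they can be corrected before the list is pasted into the field.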

Final Steps

One of the following steps needs to be completed once the domain has been whitelisted:

  • The Global Admin of the domain directory attempts to log in to the platform and approves the creation of the external app in their Azure Active Directory.
  • Any user of the domain directory attempts to log in to the platform and sends a request to the Global Admin to approve the creation of the external app in their Azure Active Directory.
  • A user of the domain directory who has been granted the required permissions attempts to log in to the platform and approves the creation of the external app in their Azure Active Directory (Configure how users consent to applications).

NOTE! None of the users mentioned above needs to be invited to the platform in order to approve the creation of the external app or to send the request to approve the creation of such an app. It is sufficient for them to attempt to log in to the platform using the whitelisted domain. However, unless they have been invited to the platform, no platform resources will be available to them.

If you do not follow these steps, you might be presented with the following error messages when you try to log in:

  • If you see the "Please enter a valid email" error while signing in, your Azure Active Directory (AAD) tenant domain has not been added to our whitelisted directories.
  • If you see the "Request pending" error while signing in, the admin of this domain has not yet allowed the creation of applications in their Azure portal. The admin of this domain must manually approve the creation of this application.

Limitations

  • Currently, there is no option to remove whitelisted domains through the platform UI. If a domain needs to be removed, a support request should be submitted. However, an incorrectly added domain will not have any effect on how the platform works as long as the correct domain was provided.
  • There is no option to group and show all whitelisted domains per seller, since sellers share the same external application pool. Duplicate domains can be added as many times as the user wishes, but they are appended only once.
  • Currently, if you encounter errors related to the creation of an external app in Azure Active Directory, those errors need to be resolved with the Microsoft support team. However, a support request can be submitted to the AppXite Support team for guidance and assistance before reaching out to Microsoft.

Summary

The AppXite platform makes it possible for sellers to authenticate to the platform using the Windows Azure Active Directory authentication method. Once the domain has been whitelisted and the user has been invited to the platform, they are able to access the platform using the work email account associated with the company profile.
