About WebApps Single Sign-On

Single sign-on (SSO) is a session and user authentication service that enables a user to use one set of login credentials to access multiple applications. The service authenticates the user for all applications the user has rights to and eliminates additional sign-ons when the user switches applications during the same session. WebApps supports and can be configured for SSO by using any cloud-based Identity Provider synced to a local On-Premises Directory and the Server Administrator.

Before you begin

Administrators must complete the following tasks.

• Create a new app registration

• Configure WebApps Single Sign-On

• Test SSO

Note: Your On-Premises Directory must be synced to a cloud-based Identity Provider for the SSO configuration to work.

Creating a new app registration for WebApps

You can create a new app registration by using Azure Active Directory. It is used in the following steps as an example for illustrative purposes and is not required or the only supported Identity Provider .

Note: Complete the following steps if you are using Microsoft Azure Active Directory. These instructions were verified, but subject to change based on Microsoft  updates or changes. See the Azure Active Directory Help for assistance. Refer to the appropriate documentation or Help for Administrators using other Identity Providers.

To create a new app registration

1. Go to https://portal.azure.com and log into your Administrator account.

Note: You must have the appropriate rights to create new app registrations.

2. Select the Show portal menu icon next to Microsoft Azure. The portal menu appears.

3. Select Azure Active Directory.

4. Select Manage > App registrations and choose + New registration. The Register an application page appears.

5. Type a display name in the Name box; for example, WebApps .

6. Ensure Accounts in this organizational directory only (Omtool Only - Single tenant) is selected.

7. Click Register.

8. Select Overview after the app registration is complete.

9. Copy the Application (client) ID and Directory (tenant) ID.

Note: You will need this information when you configure WebApps for single sign-on. Paste the ID information temporarily in; for example, Notepad.

10. Select Manage > Authentication and click + Add a platform.

11. On the Configure platforms page, select Web applications.

12. Type a Redirect URI  (URL) in the box.

13. Type a Logout URL with the appropriate hostname and port for your server installation.

Note:  Implicit grant is not required.

14. Click Configure.

15. Click + Add a platform again and select Mobile and desktop applications. The Configure + devices page appears.

16. Type the urn:ietf:wg:oauth:2.0:oob value in the Custom redirect URIs box.

17. Click Configure.

18. Select Manage > Certificates & secrets and click + New client secret. The Add a client secret page appears.

19. Type a description in the box; for example, WebApps client secret and click Add.

20. Copy the secret shown in the Value box. It will not be shown again after you leave this page.

Note: You will need this information when you configure WebApps for single sign-on. If you skip or forget to copy the secret shown in the Value box, you will need to generate a new secret. Paste the secret information temporarily in; for example, Notepad.

Accessing WebApps Properties

You can access WebApps properties by using Server Administrator > WebApps . The Properties dialog box is used to create new profiles, configure new or modify its properties.

To access WebApps Properties

1. Start the Server Administrator.

On the Start menu, click Upland AccuRoute > AccuRoute Server Administrator.

2. Expand the Server Administrator tree and Configuration node, if necessary.

3. Select WebApps. The WebApps Profile Details pane appears.

4. Select a profile.

5. Set new or modify the appropriate properties.

6. Click OK.

See also

Configuring WebApps Single Sign-On