If your organization is using Azure AD, you can use it to authenticate SnapComms apps (end users) for better security.
Using Azure AD authentication will also enable your organization to access upcoming features such as sharing resources from Microsoft SharePoint.
When using Azure AD authentication:
- The username created in SnapComms will be adapted from the network login, not from the Microsoft/Azure AD username prefix that is logged in under "Emails & Accounts".
- The User Principal Name from Azure AD will be collected by the SnapComms app. It can be used to import user attributes and group membership from Azure AD; this data integration will have to be configured separately.
- Azure AD authentication will apply to all SnapComms apps (Windows, Mac, and Mobile). SAML SSO authentication will have to be disabled for the Mac and Mobile apps if this is configured in your SnapComms Content Manager.
Minimum app version requirements for Azure AD authentication:
Windows - 22.6.64931
Mac - 23.4.121981
iOS - 23.3.116823
Android - 23.3.116821
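A pre-rollout check against the minimum versions listed above, given here as an added example that is not part of SnapComms' own tooling: it flags devices that should be upgraded before Enforce is switched on. The inventory columns (device, platform, app_version) and the sample rows are constructed assumptions; adapt them to whatever your endpoint-management export contains.

```python
import csv
import io

# Minimum app versions for Azure AD authentication, as listed above.
MIN_VERSIONS = {
    "windows": "22.6.64931",
    "mac": "23.4.121981",
    "ios": "23.3.116823",
    "android": "23.3.116821",
}

# Constructed sample inventory; the column names are an assumed export format.
SAMPLE_INVENTORY = """device,platform,app_version
LAPTOP-001,Windows,22.6.64931
LAPTOP-002,Windows,22.5.70000
MACBOOK-07,Mac,23.4.121981
PHONE-113,iOS,23.10.100
PHONE-204,Android,23.3.116820
KIOSK-9,Linux,1.0.0
TABLET-5,iOS,unknown
"""

def parse_version(text):
    """Turn '23.4.121981' into (23, 4, 121981) so parts compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def find_blockers(inventory_csv):
    """Return (device, reason) for each row not ready for Azure AD authentication."""
    blockers = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        minimum = MIN_VERSIONS.get(row["platform"].strip().lower())
        try:
            if minimum is None:
                reason = f"no minimum listed for {row['platform']}"
            elif parse_version(row["app_version"]) < parse_version(minimum):
                reason = f"{row['app_version']} is below {minimum}"
            else:
                continue  # at or above the minimum: nothing to report
        except ValueError:
            reason = f"unparseable version {row['app_version']!r}"
        blockers.append((row["device"], reason))
    return blockers

if __name__ == "__main__":
    for device, reason in find_blockers(SAMPLE_INVENTORY):
        print(f"{device}: {reason}")
```

Versions are compared part by part as integers, so 23.10.100 correctly ranks above 23.3.116823, which a plain string comparison would get wrong.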
Setting up Azure AD App authentication
First, navigate to the App Authentication page, which can be found under App Management.
On the App Authentication page, you can change the authentication mechanism to Azure AD authentication.
Azure AD authentication has the following settings:
- Tenant ID: This is your organization's Azure Tenant ID. It can be found by logging in to Microsoft Azure as an administrator. Then, in the Microsoft Azure portal, click Azure Active Directory. Under Manage, click Properties. The tenant ID is shown in the Directory ID box.
- Enforce: Disabling enforce authentication can be used to test the successful functioning of Azure AD authentication while keeping a fallback to Standard authentication if anything goes wrong.
Once you have configured your Tenant ID, click Save and generate consent URL. This will save and then show the URL that will grant the SnapComms authentication App access to your Azure instance.
The Consent URL will take you to Azure where you can grant access. Note: Granting access requires an authorized account to be logged in.
Sign-in and read user profile
Allows users to sign in via the SnapComms Apps, and allows the App to read the profile of the signed-in users.
Read all files that user can access
The SnapComms App requires permission to access files on SharePoint to be able to view the video content published to the App (to support the Microsoft Stream Video Alert integration and possible future integration for other file types).
Users and Group Access
By default, all users are allowed access to the application.
To allow access to only specific users and groups, go to the Properties blade and set Assignment Required to Yes.
The SnapComms Windows App first tries to detect a default account under the 'Email and account' settings; if it finds one, the login is seamless (without user interaction). If the App is not able to detect one (e.g. no account is signed in or there are two signed-in accounts), the interactive login window will appear to prompt the user to log in.
Users can log in on their desktop's 'Email and account' settings and click 'Add a work or school account' to avoid being prompted to log in.
Testing Azure AD Authentication
- Install the latest SnapComms App on the end user's machine. If it's already installed, restart the App to trigger a refresh of the authentication flow.
- From the Azure portal, open the Enterprise applications blade, find the SnapComms Client app, then select the Sign-in logs blade and verify you can see the sign-in details of your app, in either the interactive or non-interactive tab.