Azure AD (Microsoft Entra ID) Authentication for SnapComms Apps

If your organization is using Azure AD (Microsoft Entra ID), you can use it to authenticate SnapComms apps (end users) for better security.
Using Azure AD authentication will also enable your organization to access upcoming features such as sharing resources from Microsoft SharePoint.

 

When using Azure AD authentication:

  1. The username created in SnapComms will be adapted from the network login, not from the Microsoft/Azure AD username prefix that is logged in under "Emails & Accounts".

  2. The User Principal Name from Azure AD will be collected by the SnapComms app. It can be used to import user attributes and group membership from Azure AD; this data integration will have to be configured separately.

  3. Azure AD authentication will apply to all SnapComms apps (Windows, Mac, and Mobile). SAML SSO authentication will have to be disabled for the Mac and Mobile apps if it is configured in your SnapComms Content Manager.


Minimum app version requirements for Azure AD authentication:

  • Windows - 22.6.64931
  • Mac - 23.4.121981
  • iOS - 23.3.116823
  • Android - 23.3.116821

 

Setting up Azure AD App authentication

First, navigate to the App Authentication page, which can be found under App Management.


In the App Authentication page, you can change the authentication mechanism to Azure AD authentication.



Azure AD authentication has the following settings:

  • Tenant ID: This is your organization's Azure Tenant ID. To find it, log in to Microsoft Azure as an administrator. In the Microsoft Azure portal, click Azure Active Directory. Under Manage, click Properties. The tenant ID is shown in the Directory ID box.
  • Enforce: Disabling Enforce lets you test that Azure AD authentication works while keeping a fallback to Standard authentication if anything goes wrong.

Once you have configured your Tenant ID, click Save and generate consent URL. This will save and then show the URL that will grant the SnapComms authentication App access to your Azure instance.




The Consent URL will take you to Azure where you can grant access. Note: Granting access requires an authorized account to be logged in.


 

The SnapComms Apps will request and require the following permissions:

Sign-in and read user profile

Allows users to sign in via the SnapComms Apps, and allows the App to read the profile of the signed-in users.

Read all files that user can access

The SnapComms App requires permission to access files on SharePoint to be able to view the video content published to the App (to support the Microsoft Stream Video Alert integration and possible future integration for other file types).

 

Users and Group Access

By default all users are allowed access to the application. 

To allow access to only specific users and groups, go to the Properties blade and set Assignment Required to Yes.

Then use the Users and groups blade to grant access.
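
One way to confirm, after consent has been granted, that the app holds only the two permissions listed above and that Assignment Required is set to Yes. This is an added example, not SnapComms or Microsoft code. It assumes the servicePrincipal and oauth2PermissionGrant objects were exported from Microsoft Graph and that the two consent entries correspond to the Graph scopes User.Read and Files.Read.All; the sample data and ids are constructed placeholders.

```python
import json

# Assumption: Graph scope names behind the two consent entries this article lists,
# "Sign-in and read user profile" and "Read all files that user can access".
EXPECTED_SCOPES = {"User.Read", "Files.Read.All"}

def audit_app(service_principal, grants, expected=EXPECTED_SCOPES):
    """Return a list of findings for one enterprise application.

    service_principal: a Graph servicePrincipal object (dict)
    grants: Graph oauth2PermissionGrant objects (list of dicts)
    """
    findings = []
    if not service_principal.get("appRoleAssignmentRequired", False):
        findings.append("Assignment Required is No: every user in the tenant can sign in")
    granted = set()
    for g in grants:
        if g.get("clientId") != service_principal["id"]:
            continue  # grant belongs to a different application
        scopes = set(g.get("scope", "").split())  # scope is a space-separated string
        granted |= scopes
        extra = sorted(scopes - expected)
        if extra:
            tenant_wide = g.get("consentType") == "AllPrincipals"
            who = "tenant-wide" if tenant_wide else "user " + str(g.get("principalId"))
            findings.append(f"Unexpected delegated scope(s) {extra} ({who} consent)")
    missing = sorted(expected - granted)
    if missing:
        findings.append(f"Expected scope(s) not granted: {missing}")
    return findings

# Constructed sample data in the shape returned by GET /servicePrincipals
# and GET /oauth2PermissionGrants (all ids are placeholders).
SAMPLE_SP = json.loads("""{"id": "00000000-0000-0000-0000-0000000000aa",
  "displayName": "SnapComms Client", "appRoleAssignmentRequired": false}""")
SAMPLE_GRANTS = json.loads("""[
  {"clientId": "00000000-0000-0000-0000-0000000000aa", "consentType": "AllPrincipals",
   "principalId": null, "scope": "User.Read Files.Read.All"},
  {"clientId": "00000000-0000-0000-0000-0000000000aa", "consentType": "Principal",
   "principalId": "00000000-0000-0000-0000-0000000000bb", "scope": "User.Read Mail.Read"}
]""")

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_SP, SAMPLE_GRANTS):
        print(finding)
```

An empty result means Assignment Required is Yes and the delegated grants match the two permissions exactly; any finding is a prompt to review the app in the Enterprise applications blade.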

 

The SnapComms Windows App will first try to detect a default account under the 'Email and account' settings; if it detects one, the log-in is seamless (without user interaction). If the App is not able to (e.g. no account is signed in or there are two signed-in accounts), the interactive login window will appear and prompt the user to log in.

Users can log in on their desktop's 'Email and account' settings and click 'Add a work or school account' to avoid being prompted to log in.


 

Testing Azure AD Authentication

  1. Install the latest SnapComms App on the end user's machine. If it's already installed then restart the App to trigger a refresh of the authentication flow.
  2. From the Azure portal, open the Enterprise applications blade and find the SnapComms Client app. Then select the Sign-in logs blade and verify that you can see the sign-in details of your app, in either the interactive or non-interactive tab.
