Microsoft Azure SSO Integration
Abstract
This document details the process for integrating the BeWhere Portal with enterprise platforms. Integration is streamlined and secured using Microsoft Entra ID authentication services within the Microsoft Azure/Microsoft 365 environment. This solution enables users to leverage Single Sign-On (SSO) capabilities, enhancing security, improving user experience, and facilitating centralized identity management for BeWhere application access.
High-level View:
Enterprise customers manage their user profiles via Microsoft Entra ID. BeWhere validates authentication by referencing the Entra ID profile. To be authorized to access the BeWhere system, these users must have their profile assigned to a specific Dealer/Account with a specific Role. Crucially, no password should be set for SSO accounts. The dedicated URL for this authentication model is https://portal.bewhere.com/#/azuresso
Setting Up a User for Azure SSO
The following steps outline how to set up users for Azure Single Sign-On (SSO):
- From the gear menu, select Users.
- Click the "Add User" icon on the screen.
- On the Edit page:
  - Enter the Microsoft Entra ID user's identifier (email is recommended) in the BeWhere Email-ID field.
  - Specify the appropriate Role for the user.
  - Enable the SSO flag for users who will be authenticated via Azure. (Note: Enabling this flag prevents an onboarding email from being sent to the user.)
  - CRITICAL: Do not set a password for SSO users. This prevents them from gaining direct access to the BeWhere portal outside of the required Azure SSO mechanism.

Notes
- 1) The URL for single sign-on (SSO) user access is: https://portal.bewhere.com/#/azuresso
- 2) The Pop-up Blocker must be configured to always allow pop-ups and redirects from 'https://portal.bewhere.com'.
- 3) Additionally, it is strongly recommended that a Master Admin BeWhere account be maintained as a backup outside of the standard Microsoft Azure/Microsoft 365 environment.