Allow users to log inn to Destinet, Exposer or DSignage using Azure SSO solution.
- The SSO solution is using deligated permissions.
- API access is controlled by the Azure APP API permissions:
- Directory.AccessAsUser.All - Allows the app to have the same access to information in the directory as the signed-in user.
- User.Read - Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.
- User.ReadBasic.All - Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user.
- Group.Read.All - Allows the app to read the list of Azure/Microsoft 365 groups.
- The solution has only read only access to the Azure AD.
- The App keys are stored encrypted.
- Users are stored encrypted.
- Organizations can remove access at any time by removing the Azure App.
First step is to setup a Azure API App:
Second step is to add the Application ID, Tenant ID and Application Key/Client secret to the Destinet/Exposer/DSignage login section.
Afterwards, your partner will setup a custom login page on your solution that unauthorized users are redirected to to login.