This article describes the necessary steps to enable Microsoft Entra ID (formerly Azure Active Directory) authentication for epowerhr esuite.
Microsoft Entra ID is the identity platform in the Microsoft cloud.
Office 365 uses Microsoft Entra ID as the underlying identity platform.
Requirements
To enable Microsoft Entra ID authentication in epowerhr esuite, the following items are required:
- A user to access the epowerhr esuite at
- Production environment (PRD): https://esuite.epowerhr.be
- Acceptance Environment (ACC): https://esuiteacc.epowerhr.be
- This user must have permission to access the Authentication page..
- epowerhr will create a group IT authentication with the following permissions
- People (View)
- Administrator
- General
- Security
- Customer Authentication (All)
- The user "IT Authentication" will be added to this group
- epowerhr will create a group IT authentication with the following permissions
- Admin credentials for your organisation's Microsoft Entra ID
Steps
First, go to https://esuite.epowerhr.be (PRD) or https://esuiteacc.epowerhr.be (ACC) and log in with the specified user. If you do not have a user for this page, contact your contact person.
Once logged in, go to the Admin area via the following icon in the left-hand corner below:
Then use the filter in the left menu to find the "Authentication" page. On this page, you can enable the "Office 365" item. After you press "Save", the "Sign in" button will appear.
Click on the "Sign in application" button. You will be redirected to the Microsoft Entra ID sign-in page.
On that page, enter the user name of the user who has administrator rights in your Microsoft Entra ID organisation and click "Next".
Next, enter the user's password and click log in.
The following screen will appear:
By clicking "Accept", you give permission for users from your Microsoft Entra ID organisation to log in to the epowerhr application using their Microsoft Entra ID account.
After confirming the permission, you will be redirected to the epowerhr application.
Currently, the epowerhr application also has the Microsoft Entra ID admin user linked to the specified user to log in to https://esuite.epowerhr.be (PRD) or https://esuiteacc.epowerhr.be (ACC).
Access
Organisation users can now access the epowerhr application via:
- The direct link for the production environment(PRD): https://portal.epowerhr.be/
- The direct link for the test environment(ACC): https://portalacc.epowerhr.be/
- The App Launcher in Office 365
Note: it is important that the Microsoft Entra ID usernames are linked to the correct users in the epowerhr application (via the "Users" item in the admin section).
Under "General - Settings", you should also adjust the application link, as this application link is used in the e-mail messages generated by the application, which contain an automatically generated link.
- Application link: the default URL is https://app.epowerhr.be, but when authentication is set up via ADFS or via Office365, the link should be changed to https://portal.epowerhr.be or to the organisation-specific url.
If the customer also wants to allow guest users from their own Microsoft Entra ID, we need their tenant ID. This needs to be added to our Identity Server and a company-specific URL added.