How do you enable MS Graph Single Sign-On for IFBI

MS Graph Single Sign-On (SSO) enables users to log into IntelliFront using their Microsoft business accounts. In order to use MS Graph SSO, IntelliFront must be registered as an application in Azure with the User.Read permission.

 
Follow the steps below to enable MS Graph SSO:

Register IFBI in Azure

  1. As an Azure admin, log into your Azure portal at https://portal.azure.com

  2. Select App Registrations from the main menu

  3. Click on the New registration link

  4. Enter a friendly name for the App registration

  5. For the Redirect Uri, select Web as the platform and enter https://{your ifbi instance}/msgraphsso as the Uri address (please note that all redirect Uris must use SSL (https))

  6. Click Register to create the app registration

  7. From the App Registration screen, make note of the Application (Client) ID and the Directory (Tenant) ID; you will need these for the second part of this process

  8. Click on API Permissions, then Add a permission and then select User.Read from the Microsoft Graph API

  9. Click on Certificates & secrets and generate a new Client secret with a duration of 24 months or more. Once generated, take note of the Client secret’s value (not Secret ID)

  10. Save the App Registration

Configure MS Graph SSO in IFBI

  1. Log into IntelliFront with your admin account

  2. Select Settings from the Administration menu

  3. Switch to the Sign in With Microsoft tab

     
    Screen Shot 2022-06-20 at 2.53.06 PM
     

4. Provide the details obtained when registering IFBI in Azure

5. Click Save Settings button

6. Log out of IntelliFront

7. There should now be a Sign in with Microsoft button available that can be used to log into the application using a Microsoft account. Alternatively, you can create a login link using the url https://{ifbi instance}/msgraphsso

 
image-20220620-140043