If you have an Azure / Entra ID account, you can activate Single Sign On (SSO) for Lanes & Planes based on your users’ email addresses. Users can then enter their Azure Active Directory credentials to access Lanes & Planes instead of maintaining a separate password. (If you are not using Azure Active Directory, users’ credentials for your Azure account will also work here.) You can control access to Lanes & Planes based on who is in your Azure Active Directory.
If you want to set this up, Lanes & Planes will give you a redirect URL, like this:
https://api.lanes-planes.com/auth/example/callback
You will enter that URL into your Azure configuration below.
1) Set up in Azure
i) Sign in to Azure as an administrator and go to the App Registrations section. If you haven’t yet created an app, click New registration to create one.
ii) Give your application a name, check that the following options are correctly selected and enter the redirect URL provided by Lanes & Planes. Click on Register.
iii) The Application (client) ID and Directory (tenant) ID are now displayed. You'll need both codes later to enter them into Lanes & Planes.
iv) On the left you'll find the area Certificates & secrets. Click on it. On the following page, click on Client secrets and then New client secret to create the third code, which also needs to be entered into Lanes & Planes.
Give your Client secret a Name (Description) and decide if you want to have an expiry date or not.
Finally, click on Add and the generated Client secret (Client Secret Value, not ID) will be displayed.
Make sure to copy & paste it right away, because once you navigate away, Azure won’t show it again.
2) Set up in Lanes & Planes
i) Sign in to Lanes & Planes as an administrator and go to the Company Account. In Settings & Policies, you will find Single Sign On. Click on it. (In case this button is missing, click here)
ii) Choose active_directory_oauth2 from the OAuth strategy dropdown menu. Client ID, client secret (Client Secret Value, not ID) and tenant are the three codes generated in Azure. Enter them into the dedicated fields and click on Submit.
The set-up is now complete, and the users are able to use Single Sign On.
IMPORTANT: The e-mail addresses of the users must be absolutely identical in both systems (case-sensitive). If there is a discrepancy between the UPN and the e-mail address, please check the following Microsoft instructions: Enable user sign-in with an email address
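A pre-flight check for the e-mail matching requirement above, as an added example that is not part of the original article or of Lanes & Planes. It assumes you have exported UPN and mail from your directory and have a list of the e-mail addresses stored in Lanes & Planes; the column names, the sample users and the status labels are constructed for illustration.

```python
import csv
import io

# Constructed sample data; the column names are assumptions, not a documented export format.
ENTRA_CSV = """userPrincipalName,mail
anna.schmidt@example.com,anna.schmidt@example.com
b.meyer@example.com,Bernd.Meyer@example.com
c.lopez@corp.example.com,carla.lopez@example.com
"""
LANES_PLANES_EMAILS = [
    "anna.schmidt@example.com",
    "bernd.meyer@example.com",
    "carla.lopez@example.com",
    "dora.klein@example.com",
]


def load_directory(csv_text):
    """Return a list of (upn, mail) tuples from a directory export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [(r["userPrincipalName"].strip(), r["mail"].strip()) for r in reader]


def check_email(email, directory):
    """Classify one Lanes & Planes e-mail address against the directory."""
    # Pass 1: exact, case-sensitive comparison, as the article requires.
    for upn, mail in directory:
        if email in (upn, mail):
            # A UPN that differs from mail is the discrepancy the note warns about.
            return "ok" if upn == mail else "upn_differs"
    # Pass 2: the same address with different capitalisation will not match at sign-in.
    for upn, mail in directory:
        if email.lower() in (upn.lower(), mail.lower()):
            return "case_mismatch"
    return "not_in_directory"


def audit(emails, directory):
    """Map every e-mail address to its classification."""
    return {e: check_email(e, directory) for e in emails}


if __name__ == "__main__":
    for email, status in audit(LANES_PLANES_EMAILS, load_directory(ENTRA_CSV)).items():
        print(f"{status:17} {email}")
```

Every address that is not reported as ok should be corrected in one of the two systems, or handled via the Microsoft instructions named above, before SSO is rolled out to that user.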
Once the secret has expired, a new client secret value must be generated and stored under OAuth client secret. The client ID and tenant remain unchanged.