ProcessPro

ProcessPro supports Okta, ADFS and Microsoft Entra login via single sign-on (SSO).

Before starting setup, ensure that you have access to your organization Azure setup environment. Also ensure that your instance of ProcessPro has been initialized by our team. 

This is necessary to generate an application id that is required by ProcessPro for the authentication. 

Follow the steps to register ProcessPro as an application in your Azure environment:  

<a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app" rel="nofollow noopener noreferrer" target="_blank">Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Learn</a>

- <a href="https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app" rel="nofollow noopener noreferrer" target="_blank">Quickstart: Register an app in the Microsoft identity platform - Microsoft Entra | Microsoft Learn</a>

Use the following values to perform the correct setup of the Azure Application:

Click Register, do not add redirect URL this will be added in the next step.

Note the Application ID, we need that ID to complete the set up on ProcessPro side

Set Redirect URIs, Front-channel logout URL and tokens.

Please note that the details below are example data only. You need to replace the "nz" with the first two letters of your ProcessPro URL, e.g. my, ca, us, eu. Also, you need to replace "globex" with your instance name, this is normally the name of your organisation.

- Redirect URI is your ProcessPro instance details
 - https://nz.processpro.io/globex/account/signin-azure
- Front-channel logout
 - https://nz.processpro.io/globex/account/login
- Select ID tokens (used for implicit and hybrid flows) 
 
 Please ensure that the data you used in the preceding details is updated in the blue sections of the diagram below.

Confirm that the correct permissions are set. You need to Grant admin consent; otherwise, all users would be required to set their own consent. 

- Name: ProcessPro
 
 
 
- Click Register, do not add redirect URL this will be added in the next step.
- Note the Application ID, we need that ID to complete the set up on ProcessPro side
 
 
 
- Add an Authentication platform 
 
 
 
- Select Web
 
 
 
 
 Set Redirect URIs, Front-channel logout URL and tokens. 
 Please note that the details below are example data only. You need to replace the "nz" with the first two letters of your ProcessPro URL, e.g. my, ca, us, eu. Also, you need to replace "globex" with your instance name, this is normally the name of your organisation.
 
 - Redirect URI is your ProcessPro instance details
 - https://nz.processpro.io/globex/account/signin-azure
 - Front-channel logout
 - https://nz.processpro.io/globex/account/login
 - Select ID tokens (used for implicit and hybrid flows) 
 
 Please ensure that the data you used in the preceding details is updated in the blue sections of the diagram below.
 
 
 
- Confirm that the correct permissions are set. You need to Grant admin consent; otherwise, all users would be required to set their own consent.

This is done if organizations have different usernames for their email addresses. Then, a claim needs to be added for each email address. 

From the registered application, go to Token configuration.

Select email for the claim to include.

Click Add to add the optional claim.

- From the registered application, go to Token configuration. 
 
 
 
- Click on +Add optional claim. 
- Select ID as the token type. 
- Select email for the claim to include.
- Click Add to add the optional claim.

The manifest update is only required if you select additional claims to be sent to ProcessPro. In the default setup, updating the manifest details is not necessary.

This is needed to prove that the claim was added in the Azure 

- acceptMappedClaims = true 
- allowPublicClient = true 

- This is needed to prove that the claim was added in the Azure 
  - acceptMappedClaims = true 
  - allowPublicClient = true 

Please note the Application ID from the Overview section and send this to ProcessPro Support so they can continue the setup.

Processpro support needs to make the following changes as soon as the organisation has set up the application.

Add the ApplicationID to the authentications.json file for the specific site. 

Update settings for the Default Company with master login details 

- Add the ApplicationID to the authentications.json file for the specific site. 
- Restart the application server. 
- Update settings for the Default Company with master login details 
   
  
   

If you need help setting up your environment, please don't hesitate to contact Support.

Set up single sign-on for Okta, ADFS and Microsoft Entra (Microsoft Azure).