How to set up Entra ID (SSO)

Since Entra ID users will be mixed with regular Web Manuals users, it is good to know exactly what to expect from the Entra ID to Web Manuals synchronization process.

Below is a list of events that will occur during the synchronization of users from Entra ID:

  • Users from Entra ID will be matched with Web Manuals users based on the options described in this guide.
    • If a user is found, the user will be updated with information from Entra ID, and an external ID will be added that links the user to the Entra ID user.
    • If no user is found, a new user is created. It will get its information from the Entra ID user and an external ID to connect it with its Entra ID counterpart.
      Note: A user created in this way will get a secret random password, meaning the user will not be able to log in with the regular Web Manuals credentials until an administrator resets their password.
  • Subgroups in Entra ID will create corresponding roles in Web Manuals. Users will be assigned these roles automatically.
  • When synchronizing, any existing Web Manuals users with links to Entra ID that are not in the selected AD group will be inactivated.
  • No user data is lost in the synchronization process.

The first step is to go to System → Single Sign-On (SSO) → Configure.

Next is setting up users and their roles. Let’s first explain the content of the Entra ID page.
In the first box, there are four options:

  • Sync to role – This is a role in Web Manuals that will contain all groups and users synchronized from Active Directory. It is advised to create a specific top-level role in Web Manuals for this purpose.
  • Notify email – Which email to notify if any errors occur during the synchronization process.
  • Comparing attributes – Which properties on each user account to compare when syncing. The options available for Web Manuals accounts are username and email; the options available for Active Directory accounts are also username and email.
    Note: Comparing attributes is only used on users that have not yet been synchronized. Existing synchronized users are connected through external IDs to their Entra ID counterparts.
  • Skip email domain in username – This option allows usernames in Web Manuals not to include the @domain part of a username. For example, if an Entra ID user has the username, its username in Web Manuals would be tested if this option was enabled.

Changes to these settings are applied by clicking on the update button.

In the second box we have the list of Entra ID groups available. This is a representation of the Active Directory and should not be confused with groups, users, or roles in Web Manuals.

Here you should select one group that will be synced to Web Manuals. Sub-groups will be added as sub-roles to the role chosen in “Sync to role”. Since only one group can be selected, administrators are advised to create a root group for Web Manuals in their Active Directory and add sub-groups and users to that group.

  1. Click on an Entra ID group to select it, then click the Select button.
  2. Click the sync button to update the user data in Web Manuals.
    Note: Changing the selected group and syncing will cause all previously synced users to become inactive unless they are included in the new group.

To verify that everything works as it should, you can go to Users → Manage users, and you should see all users from the selected Active Directory group.
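
The synchronization events and the "Comparing attributes" and "Skip email domain in username" options described above can be modelled as a dry run, to review which accounts a sync would update, link, create or inactivate before clicking the sync button. This is an added example, not Web Manuals code; the field names, the exact-match comparison and the sample accounts are assumptions.

```python
# Added example: dry-run model of the sync rules in this article.
# Not Web Manuals code; field names and sample accounts are constructed.

def strip_domain(username):
    """'Skip email domain in username': drop the @domain part."""
    return username.split("@", 1)[0]

def plan_sync(group_members, wm_users, entra_attr="username",
              wm_attr="username", skip_domain=False):
    """Predict the actions a sync would take for the selected group."""
    plan = {"update": [], "link": [], "create": [], "inactivate": []}
    linked = {u["external_id"]: u for u in wm_users if u["external_id"]}
    unlinked = [u for u in wm_users if not u["external_id"]]
    for m in group_members:
        if m["id"] in linked:
            # Already synchronized: matched by external ID, not by attributes.
            plan["update"].append(linked[m["id"]]["username"])
            continue
        key = m[entra_attr]
        # Assumption: the option applies when comparing against WM usernames.
        if skip_domain and wm_attr == "username":
            key = strip_domain(key)
        # Assumption: exact, case-sensitive comparison.
        match = next((u for u in unlinked if u[wm_attr] == key), None)
        if match:
            unlinked.remove(match)
            plan["link"].append(match["username"])  # existing account gains an external ID
        else:
            name = strip_domain(m["username"]) if skip_domain else m["username"]
            plan["create"].append(name)  # random password until an admin resets it
    in_group = {m["id"] for m in group_members}
    # Linked users that are not in the selected group are inactivated.
    plan["inactivate"] = [u["username"] for u in wm_users
                          if u["external_id"] and u["external_id"] not in in_group]
    return plan

# Constructed sample data: members of the selected group, then Web Manuals users.
GROUP = [{"id": "e-1", "username": "alice@example.com", "email": "alice@example.com"},
         {"id": "e-2", "username": "bob@example.com", "email": "bob@example.com"},
         {"id": "e-3", "username": "carol@example.com", "email": "carol@example.com"}]
WM = [{"username": "alice", "email": "alice@example.com", "external_id": None},
      {"username": "bob", "email": "bob@example.com", "external_id": "e-2"},
      {"username": "dave", "email": "dave@example.com", "external_id": "e-9"},
      {"username": "erin", "email": "erin@example.com", "external_id": None}]

if __name__ == "__main__":
    for action, names in plan_sync(GROUP, WM, skip_domain=True).items():
        print(f"{action:10} {names}")
```

The "link" and "inactivate" lists are the ones to review before syncing, since they change existing Web Manuals accounts.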
