Single Sign On (SSO) with Azure Active Directory

It is possible to configure Incentive so that you can sign in with credentials from your Azure Active Directory. To enable this you should first make sure that your web.config has the following authentication mode.

<authentication mode="None" />

You should also check that you web site in IIS has the following settings:

• Anonymous Authentication - Enabled
• ASP.NET Impersonation - Disabled
• Forms Authentication - Disabled
• Windows Authentication - Disabled

You should then go to /manage/settings/8b40f101-0e04-4db8-be00-8b60a74d1a8b and click the Azure tab.

Here you should enter the application/client id as obtained from your app in the Azure portal.

1. Sign in to the Azure portal.
2. On the top bar, click on your account and under the Directory list, choose the Active Directory tenant where you wish to register your application.
3. Click on More Services in the left hand nav, and choose Azure Active Directory.
4. Click on App registrations and choose Add.
5. Enter a friendly name for the application, for example 'Incentive' and select 'Web Application and/or Web API' as the Application Type. For the Home page URL, enter the base URL for your incentive installation, e.g. https://incentive.mycompany.com. Click on Create to create the application.
6. While still in the Azure portal, choose your application. Find the Application ID value and enter it into the 'Client id' field in Incentive.

Next you need to lookup the tenant id of your Azure Active Directory.

1. Sign in to the Azure portal if not signed in already.
2. Click on More Services in the left hand nav, and choose Azure Active Directory.
3. Click on Domain names and find the primary domain. Go to /tools/5b5ef667-d0c4-48f7-8616-ab3f1c2d0016 in your Incentive installation and enter the domain name in the textbox.
4. Click Execute and check the Log field where the tenant id of your domain is printed.
5. Enter the tenant id in the 'Tenant whitelist' field in Incentive.

After hitting the Save button your users can now sign in with their Azure Active Directory credentials by clicking the 'Sign in with Microsoft' button.