SSO Set Up
Creating an R+ Azure Active Directory Application
R+ only supports active directory login for Microsoft Azure Active Directories. There is an assumption that there is a directory already exists at the customer site. If not, your IT team will need to provision an Azure Active Directory installation and configure synchronization to their OnPrem directory themselves. We have included a guide below that should guide administrators through that process.
High-level steps are as follow:
Request SSO login access via [email protected]
Create Replenishment Plus Enterprise Application inside customer Azure AD
Configure Application for customer’s R+ instance(s)
Note customer’s directory tenant/domain. By default, this is a subdomain of onmicrosoft.com, but can also be configured with a custom domain. (i.e. ddtechtest.onmicrosoft.com, demanddriventech.com, etc.)
Note customer’s Replenishment Plus Application ID
Gain SSO Access
The first step to enabling SSO will be to request that access via the Demand Driven Technologies Support desk. SSO is an additional module that does not come standard with an instance. To check to see if you already have SSO enabled, visit your Site Administration Settings > Accounts & Access. If SSO has already been enabled for your instance, you will see an "Azure Active Directory" tab on the left-hand side menu.
If you do not see this tab, you will need to fill out a support ticket and request this feature be enabled. To do this, please email [email protected] with a request to enable SSO for your instance. Please be sure to include your role, your company, any site administrator sign off required, and the instance(s) URL that you wish to add SSO to.
Create Enterprise Application
First, navigate to the Azure AD in Azure’s portal. Select Enterprise Applications from the left side.
Then select "New Application" at the top of the page.
Create a Replenishment Plus application.
Select "New Registration".
Set application name and redirect URI. If you have multiple instances, additional URLs may be added after creation. Select "Register" to finish the registration.
Visit the application and select "Authentication" on the left-hand menu bar. Enable ID tokens.
Go back to the Overview page and find the Application ID for the Replenishment Plus application. This is the ID you will use to connect your Active Directory to R+.
Configure R+
Log into R+, navigate to Site Administration > Accounts & Access > Azure Active Directory.
Assign Azure AD application values
Saving these values will actually restart the R+ application, terminating any active background jobs. Please complete any active processes before doing this.
Select default user roles
R+ does not currently map any SSO groups to in-app roles. A default role assignment may make sense for customers to aid in initial on-boarding. In the Accounts & Access tab, select the Azure Active Directory screen.
In the "New user provisioning" section, select the default roles from the dropdown that you wish all users logging into R+ via SSO to have when they first log in.
Enabling local passwords
Some user accounts can "multi-home", which is where they have a local password, but can also log in with their SSO credentials. By default this is disabled. To enable it, you can select "All Local Password" on the user account.
Without Allow Local Password enabled on their account, users cannot reset their passwords, and password policy options will not be enforced.
Last updated
Was this helpful?