Differences

This shows you the differences between two versions of the page.

--- additional_resources:jc360_and_azuread_integration [2025/06/16 14:59] – support
+++ additional_resources:jc360_and_azuread_integration [2025/09/23 12:44] (current) – support
@@ Line 1: / Line 1: @@
 ====== Integrating Azure AD with JC360: Setup Guide ======
-^To enable Azure Active Directory (Entra ID) authentication and user synchronization in your JC360 production environment, follow the configuration steps outlined below.^
+^To enable Single Sign-On (SSO) and integrate your Microsoft Entra ID (Azure AD) with our service, please follow the steps below.^
-===== How to Integrate Azure AD with JC360 for Production Environments =====
+===== Collect and Share Your Tenant ID =====
-To enable secure and seamless login for your users through Microsoft Entra ID (formerly Azure Active Directory) in the JC360 production environment, follow the configuration steps below. This guide will walk you through creating an app registration, generating credentials, and setting permissions required for login and user synchronization.
+  - Sign in to the Azure Portal – Entra ID [[https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview|Overview]]
+  - Copy your Tenant ID (Directory ID) – this is a 36-character GUID.
+  - Send this Tenant ID to our support team at [[support@jobctrl.com|support@jobctrl.com]]
-==== Step 1: Register a New Application in Microsoft Entra ID ====
+===== Approve the Admin Consent Request =====
-You’ll need to create an App Registration in your Azure portal. This app will act as the identity bridge between your Azure AD and JC360. (help: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)
+Once we receive your Tenant ID, our support team will send back a direct link for admin consent.
+  - Open the link.
+  - Microsoft Azure will prompt you to review the requested permissions.
+  - Grant consent to allow our service to integrate with your directory.
+===== Connect Your Users =====
+After consent is granted, your users can be connected to the service. There are two options:
-==== Step 2: Add the Redirect URI and enable the ID token ====
+==== Manual setup (for smaller organizations) ====
-You must add a redirect URI to your app registration. This URI depends on your JC360 hosting type:
-  * Cloud-based environments (hosted by JC360): https://(br.)jobctrl.com/Login/AzureADAuthenticate.aspx
+  - An admin logs into the JC360 web portal.
-  * On-site (self-hosted) environments: https://jc360.[company-short-name].com/Login/AzureADAuthenticate.aspx
+  - Create user profiles for each employee.
-(help: https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-redirect-uri)
+  - Assign the corresponding **User Principal Name (UPN)** to each profile.
+  - Once assigned, users will be able to sign in with their Azure AD credentials (SSO).
-Once the URi assignment has been maden, one-time configuration is required to enable ID tokens by the authentication endpoints.
+==== Automated User Sync tool ====
-{{:additional_resources:azure_idtoken.png?800|}}
+For larger organizations, we recommend having a user sync tool that connects Azure AD directly with JC360. This integration allows user profiles in JC360 to be created automatically as soon as new employees are added to your Active Directory, minimizing manual administration.
-==== Step 3: Generate a Client Secret ====
+Our team can develop and implement this tool for you for an integration fee. Alternatively, if your IT team prefers to build the sync on their own, we can provide the required [[https://jobctrl.com/api/help/|API]] addresses and connection details to make the integration work.
-In the app registration's "Certificates & secrets" section, generate a client secret. Save this value securely—you'll need to share it with JC360 Support. (help: https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret)
-==== Step 4: Send Required Information to JC360 Support ====
-Please send the following values to JC360 Support Team via email (support@jobctrl.com):
-  * Application (Client) ID
-  * Tenant ID
-  * Client Secret
-  * User Principal Name (UPN) of the person performing the initial login test
-These credentials allow us to configure Azure AD authentication and allow access to your domain.
-==== Step 5: Assign Microsoft Graph Permissions ====
-To enable automatic user synchronization, configure Microsoft Graph API permissions for your app:
-  - Add Application permissions to read user profiles.
-  - Grant Admin consent after assigning permissions.
-{{:additional_resources:azureadpermissions.png?800|}}
-(help: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#application-permission-to-microsoft-graph , https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#admin-consent-button)