How to Set Up Single Sign-On with Azure AD
This page provides a condensed procedure for configuring Azure Active Directory (now Microsoft Entra ID) as the single sign-on provider for xAssets. For full details on each step, see the SSO with Azure reference page.
Prerequisites
- An Azure Active Directory tenant with Portal administrator access.
- Configuration-level access to xAssets.
- The SSOADMIN account created and assigned to the Admins group (see SSO Introduction).
Step 1: Register an Application in Azure
- Sign in to the Azure Portal.
- Navigate to Azure Active Directory > App Registrations > New Registration.
- Name the application (e.g., "xAssets SSO") and click Register.
- Copy the Directory (Tenant) ID from the Azure AD overview page.
- Copy the Application (Client) ID from the application overview page.
Step 2: Configure the Azure Application
- Navigate to Certificates & Secrets > New Client Secret.
- Add a description, set an expiration period, and click Add.
- Copy the Value immediately -- it is only displayed once.
- Navigate to the Authentication page and tick ID tokens under "Implicit grant and hybrid flows".
- Under Redirect URIs, add your xAssets URL:
https://yourcompany.hosted.xassets.net/a.aspx - Navigate to API Permissions and ensure Microsoft Graph > OpenID and User.Read are granted. Click Grant admin consent if prompted.
Step 3: Create a Credential Pack in xAssets
- In xAssets, click Settings (top right) > Credentials.
- Click New to create a new credential pack.
- Set the type to Single Sign On.
- Name the pack Azure.
- Fill in the fields:
| Field | Value |
|---|---|
| Domain Name | Your Azure Tenant ID |
| Username | The Application (Client) ID |
| Password | The client secret Value from Step 2 |
- Save the credential pack.
Step 4: Set the Authentication Type in xAssets
- Navigate to Admin > Settings.
- Set the setting AUTHENTICATIONID to Azure AD.
- Save the setting.
Step 5: Test the Login
- Open a new private/incognito browser window.
- Navigate to your xAssets URL.
- You should be redirected to the Microsoft login page.
- After authenticating with Microsoft, you should be returned to xAssets and logged in automatically.
If the login fails, use the direct login URL to bypass SSO for troubleshooting:
https://yourcompany.hosted.xassets.net/a.aspx?logondirect=direct
Important Warnings
- The redirect URI in Azure must match your xAssets URL exactly, including the protocol (
https), domain, and path (/a.aspx). - Client secrets have expiration dates. Set a calendar reminder to renew the secret before it expires, or SSO will stop working.
- When renewing a secret, create the new secret first, update the xAssets credential pack, then delete the old secret.
Related Articles
- SSO with Azure — full reference with screenshots
- Azure User Groups — mapping Azure AD groups to xAssets user groups
- SSO Introduction — general SSO enablement steps
- Logging in Without SSO — bypass SSO for troubleshooting