Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. First register your Grand Avenue instance in your external identity provider and authorize it for the operations it needs for SSO.

    1. Under App registrations select the New registration option

      Image RemovedImage Added

    2. Complete the fields to register Grand Avenue

      Image RemovedImage Added

      The redirect URI for a Grand Avenue instance can be found in Grand Avenue from at Configure Authentication Management → Configure Single Sign On

      Image Removed

      image-20240125-171842.pngImage Added


      You should register the Redirect URIs for all Grand Avenue instances with users that will need to authenticate against your SSO provider. For hosted Grand Avenue customers, this will include each of your sites:

      1. Production - https://<customername>/GrandAvenue/Authentication/authorization-code/callback

      2. Training - https://<customername>/Training/Authentication/authorization-code/callback

      3. Upgrade - https://<customername>/Upgrade/Authentication/authorization-code/callback

      4. Evaluation - https://eval.grandavenue.com/<customername>/Authentication/authorization-code/callback

  2. Configure the necessary settings for the Grand Avenue registration in Azure AD

    1. Under Authentication endure both “Access tokens” and “ID tokens” are selected.

      Image RemovedImage Added

    2. Under Token Configuration, select Add optional claim and add the following:

      When prompted, check the box to “Turn on the Microsoft Graph email permission” and click Add

      Image RemovedImage Added

    3. Under API permissions, select Add a permission and set up as identified below:

    4. Under API permissions select Grant admin consent for Grand Avenue Software and select “Yes” to confirm

  3. Add information to Grand Avenue. Navigate to the “Configure Single Sign On” via Configure Authentication Management → Configure Single Sign On

    1. Change the Single Sign On Enabled? dropdown to “Yes”

    2. Complete the required fields and click Save.

      1. The Provider Name entered here will be displayed to users on the Sign In page as "Sign in with <provider name>" (e.g., "Sign in with Azure AD")

      2. The other fields must be populated with information from the Grand Avenue registration you created above.

        Image Removedimage-20240125-172104.pngImage Added

        Image RemovedImage Added