From Web Port version 2.23.3 you are able to use Single Sign-On (SSO) as a login method. This keeps you logged in with a Kiona ID, and you can swap between Kiona applications (Edge, Energinet, IWMAC & Web Port) without having to log in multiple times.
To activate SSO, first go to System settings/Server and click on Authentication-settings.
Check the box "Enable Kiona Identity" (1), and the settings for this will appear below (2).
You can set the default authentication to Kiona Identity; the login screen will then change from the local login to a new screen for the users.
If Kiona Identity is the default authentication, you don't need to create a password or PIN when adding users. Users created will instead receive an email with a link to a page where they will create their own password and set up their account.
If Kiona Identity is enabled, 2-factor authentication is disabled under connections.
Kiona Identity settings
There are 3 settings to use:
|Setting|Description|
|---|---|
|External Azure AD Tenant Id| |
|Migrate users to Kiona id (checkbox)|This will migrate all users that have an email address filled in under Access/Users|
|Enable multi-factor authentication (checkbox)|Enable multi-factor authentication for all Kiona Identities|
The login screen will look as follows without a tenant ID:
Setting up Tenant ID
An Azure Active Directory tenant ID must be provided.
The tenant ID can be found here in Azure:
Once the Tenant Id (1) is entered, the Grant Permissions button will appear (2).
Clicking the button (2) opens a new tab that requires signing in to Microsoft. (This should be done by an admin user of Azure Active Directory.)
Once the admin user signs in, they will be prompted with the popup below. The admin should tick the checkbox "Consent on behalf of your organization" and click Accept so that all the users within the AAD get the permissions granted for them.
The login screen will look as follows with the tenant ID filled in:
The group ID can be found here in Azure:
Groups are mapped by adding the group ID from Azure to a group in Web Port.