/
Single Sign On (SSO) - Azure AD

Single Sign On (SSO) - Azure AD

What is Needed

To facilitate setting up SSO via Azure AD (AAD), we need the following information:

  1. Azure Tennant ID.

  2. Azure Application ID (Instructions Below).

Users logging in from the configured company in RIB CX will then be required to login with the AAD credentials.

It matches user accounts based on their email address.

To Get Your Azure Tennant ID

  1. Login to the Azure Portal: Microsoft Azure

  2. Select Microsoft Entra ID (formerly Azure Active Directory)

image-20260206-044622.png
Example of a Tenant ID (for visual purposes only)

To Get Azure Application ID

To get an Application ID, you will need to register an App.

  1. Login to the Azure Portal: Microsoft Azure

  2. Select Microsoft Entra ID (formerly Azure Active Directory).

  3. Select App Registrations from the menu.

  4. Click on + New Registration.

image-20260206-042046.png

    a. Name: RIB CX SSO

    b. Application Type: Native

    c. Redirect URI: https://au.itwoCX.com/CXR/Authentication

NOTE: Depending on what instance your project is hosted on you may need to change au.itwocx.com. For example to au2.itwoCX.com or enter the URL that you project is on.

  1. Once above steps are complete your application ID will be displayed under essentials.

image-20260206-044732.png
Example of Application ID (for visual purposes only)

Edit Manifest File

  1. Edit the manifest file – replyUrls:

"replyUrls": [ "https://au.itwoCX.com/" ],

  1. Edit the manifest file – requiredResourceAccess:

"requiredResourceAccess": [ { "resourceAppId": "00000002-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "311a71cc-e848-46a1-bdf8-97ff7156d8e6", "type": "Scope" }, { "id": "a42657d6-7f20-40e3-b6f0-cee03008a62a", "type": "Scope" } ] }, { "resourceAppId": "52e5f8a4-8b0e-455f-9df4-5beb7c37dd18", "resourceAccess": [ { "id": "5e626597-eec0-4695-8ddd-e3aa9e05f712", "type": "Scope" } ] } ],

  1. Provide RIB with the Application ID and Tennant ID so we can update the project configuration under Contacts, Company Name, Authentication - External Providers:

image-20260202-230527.png
image-20260206-045029.png

Connecting to API from PowerBi / Excel 

Note: if you are authenticating with Azure AD / SSO and connecting to the API from Power BI / Excel etc you also need to make sure that this is allowed in the Application config.

  1. Within the Azure Portal.

  2. Click on App Registrations.

  3. Click on the RIB CX (or iTWO CX) application.

  4. Click on Authentication (Preview).

  5. Click on + Add Redirect URI.

  6. Click on Mobile and Desktop Applications.

image-20260206-045853.png

  1. Tick the 3 checkboxes.

  2. Click on configure.

image-20260206-050542.png

They will display in the Mobile and Desktop Applications category:

image-20260206-050819.png

  1. Click on Settings.

  2. Enable “Allow public client flows”.

  3. Click on Save.

image-20260206-051150.png