Microsoft SSO Integration

Customers who host uProduce outside of their domain can use Microsoft Single Sign-On (SSO) to connect directly to their domain controller to log in with their Microsoft account login credentials.

This article provides the configuration steps you need to take in order to use Microsoft Single Sign-On (SSO).

Prerequisites:

  • You have a Microsoft 365 / Azure AD tenant.

  • You have permissions to create an App Registration in your Azure portal.

  • The users signing in are part of your Azure AD tenant.

  • You have a valid XMPie license that includes Microsoft SSO.

  • Your IIS server must have secure protocols enabled.

Register an application in Azure AD

  1. Go to the Azure portal and sign in.

  2. In Azure Active Directory, search for App registrations.

  3. Click New registration to open the Register an application window.

  4. Fill in the following:

    • Name: Your company name.

    • Supported account types: Select the “Accounts in any organizational directory” option.

    • Redirect URI: Select Web as your platform, and fill in your redirect URI in this pattern:
      https://YOUR_DOMAIN/XMPieSSO/signin-oidc

  1. Click Register.

Set API permissions

  1. On the left panel, select Manage > API permissions.

  2. Click Add a permission.

  3. Click Microsoft Graph > Delegated permissions.

    Select the following permissions: profile, openid, email.

  4. Click Add permissions.

  5. Click Grant admin consent, and then click Yes in the consent confirmation popup.

Generate a client secret key

  1. On the left panel, select Manage > Certificates & secrets.

  2. Click New client secret.

  3. Add a description and expiration of the client secret.

  4. Click Add.
    The value of the client secret is generated.

  5. Copy and save the secret value - you’ll need it later.
    Note that if you do not keep this value, you will not be able to access it later.

Configure appsettings.json

  1. After installing uProduce, navigate to C:\XMPie\XMPieSSO and open the file appsettings.json.

  2. Open the JSON file, and replace the ClientID and ClientSecret with your own Azure AD app values.

    • The ClientID can be found here:

    • The ClientSecret is the value that you’ve saved in the previous procedure.

  1. Save the appsettings.json file and restart the web server.

Configure uProduce SSO users

After completing the Azure AD setup, you must register the new Microsoft SSO users in uProduce. Repeat this step for each new SSO user.

  1. Log in to uProduce with an admin user.

  2. On the menu bar click Settings > Users.

  3. Click New.

  4. In the New User dialog, select Built-In Windows Domain as the authentication type, and set the Login Name to match your Windows domain, for example:
    Your_name@xmpie.com.

  5. Enter all other settings, and click Save.

 

Created by: Tal Hayne on April, 2025