Office 365 Single Sign-on
What is it?
With Single Sign-on with Microsoft Office 365 (Azure Active Directory) enabled, users can sign in to eHour using their Microsoft Office 365 account. Users do not have to remember a separate eHour password as they authenticate through your directory.
Single Sign-on first must be enabled in eHour by an admin before users can sign in with the Microsoft account.
What are the benefits?
Convenience. Users no longer have to struggle with multiple passwords and remembering which one is for which account.
Productivity. When eHour is easier to access, it will be used more effectively.
Reducing Risk. Having only one access point minimizes the likelihood of users using simple easy-to-crack passwords. Plus you can have one company-wide password policy enforced in Office 365.
How to enable SSO?
To enable Single Sign-on (SSO) with Microsoft, a Microsoft Admin user must first give a one-time consent to allow eHour to authenticate. After consent is given, the "eHour Time Tracking" app will be registered in your Azure Active Directory.
- As an eHour Admin, click on the gear icon and select Single Sign-On
- Click on the "connect with Microsoft Azure" button.
- In the Microsoft login screen, sign in with your Microsoft Admin account.
- Review the permissions the eHour Time Tracking app requires and click on Accept.
- You are redirected back to eHour, Single Sign-on is now enabled.
Do I still have to create a user in eHour?
Microsoft Accounts and eHour users are matched on their email address. When a Microsoft account signs in, a search is performed for an active eHour user with the same email address as the Microsoft account.
So yes, you still have to create a user in eHour with the same email address as the address in Office 365. You assign projects and tasks to that user in eHour while the Microsoft account is only used for authentication.
How can I sign in with my Microsoft account?
When Single Sign-on is enabled you can use the "Sign with Microsoft" button on the eHour login page to sign in with your Microsoft account. Bookmark https://ehourapp.com/login/azure and bypass the login page.
Disable eHour password login
As an extra security measure, you can configure eHour to allow users to sign in only using their Microsoft account. When enabled, users can no longer sign in to eHour with their eHour password.
To prevent any account lockouts; eHour admins are always allowed to sign in with their eHour password, regardless of whether this is disabled for other users.
To only allow Microsoft accounts:
- As an Admin, click on the gear icon and select Single Sign-On
- When Single Sign-on is enabled, click the "only allow logins with Microsoft accounts" button
You can always re-allow eHour logins by navigating to the same page and click the "allow both Microsoft and eHour logins" button