Azure Portal configuration for Azure login on EasyHour

In order to integrate your company domain powered by Microsoft Azure / Office365 with EasyHour an administrator must change a few settings in the Azure Portal.

Once Azure login is set up, employees will be able to log in on EasyHour with no need to create any account in advance. User authentication will happen on Microsoft servers using their mail credentials.

 

Preliminary EasyHour configuration

First of all, you need to set the login type. In Company > Employees > Login Configuration select "Microsoft Azure".

In the "Domain" field enter the company domain, e.g. if your corporate e-mail is name.surname@company.com then enter company.com as the domain. The domain will be used to identify your employees, so in this case only users with an @company.com account will be able to log into EasyHour.

Click the "Save" button and copu the "Callback url", you'll need it in the next step.

 

Azure Portal configuration

Login to Azure portal as an administrator and follow these steps:

  1. Navigate to Azure Active Directory.
  2. Click on App Registrations.
  3. Click on New Registration.
  4. Enter a name for the client such as EasyHour
  5. Redirect uri is Web and enter the "callback url" copied from EasyHour
  6. Click Register.
  7. In the Overview section, copy the ClientID from the Application (client) ID field.
  8. In the Overview section, copy the TenantID from the Directory (tenant) ID field.
  9. Click on Certificates & secrets and then New client secret.
  10. Add a description of the secret.
  11. Select never expires or the longest period available.
  12. Click Add. Copy the secret value
     

Finalize EasyHour configuration

Finally, go back to EasyHour and enter the 3 values you just copied:

  • Tenant ID
  • Client ID
  • Client Secret

Save the new configuration and you're done.

Additional steps for automatic user sync

EasyHour can automatically sync users by adding new users and/or deactivating users no longer found on Azure. In order for the sync to work, you must grant an additional permission to the EasyHour app in Azure: Directory.Read.All. This ensures EasyHour can read the full list of employees and make changes accordingly.