Force login with Microsoft account (SSO) and manage Group Claims with Microsoft Entra ID

To ensure compliance with security standards, Onix Work allows companies to limit the authenticating method of their users to Sign in with Microsoft. In addition, if your company is using Microsoft Entra ID, you can enable and configure Group Claims to manage users more efficiently.

1. Force use of single sign-on (SSO)

Requirements:

  • Your company must have an existing Microsoft Entra ID account.
  • You must have “User provisioning with Microsoft Entra ID group claims” user privilege at “Full access” level to configure the SSO.

Here’s how to force use of SSO:

  • Go to the Settings module —> Open Users & Roles —> Switch to the Single Sign-On tab.
  • In the General section, click Edit —> Turn on the Force use of SSO toggle to ensure users can only log in with their Microsoft account.

You can keep Group Claims toggle disabled if you prefer:

  • Current users’ roles and licenses in Onix Work are not affected by the settings in Microsoft Entra ID.
  • New users only have access to your organization when you invite them from Onix Work - Settings - Users & Roles.

2. Manage users with Microsoft Entra ID and Group Claims

2.1. Add Onix Work to Azure portal

Important notes:

  • Group Claims only works correctly when users sign in with their Microsoft accounts (SSO login).
  • Your company must have an existing Microsoft Entra ID account.
  • Required user privilege: You must have “User provisioning with Microsoft Entra ID group claims” privilege at “Full access” level to configure the Group Claims in Onix Work.

Here’s how to add Onix Work to your Azure portal:

  • In Azure portal, navigate to the overview page —> Select Enterprise applications.
  • In the All applications section, click New application —> Search and select Onix Work.
  • Click Create to add the application to Microsoft Entra ID.

2.2. Enable Group Claims in Onix Work

  • Go to the Settings module —> Open Users & Roles —> Switch to the Single Sign-On tab.
  • In the General section, click Edit.
  • Turn on the Enable Group claims toggle.
  • Paste your company’s Tenant ID. This information can be found in your Microsoft Entra ID - Overview page.

2.3. Add and manage Group Claims in Onix Work

Add a new group

Here’s how:

  • In the Group claims configuration section, click Add.
  • Fill in the Group ID field with the relevant Group ID taken from Microsoft Entra ID.
  • Fill in other fields with relevant information:
    • Description: Name of the group.
    • Role: The default role assigned to any new users of the group.
    • License: The default license assigned to any new users of the group.

Edit existing groups

While managing Group claims, you might need to edit a group’s information or priority.
A group’s priority decides the role and license of a user upon the first SSO login in case he/she belongs to multiple groups. For example, if the user belong to both the 1st and 3rd groups, he/she will have the 1st group’s role and license.

Here’s how to edit a group:

  • Select a group.
  • Click Edit to adjust its information, or
  • Click Move up/Move down to adjust its priority, or
  • Click Delete to delete the group permanently.