To ensure compliance with security standards, Onix Work allows companies to limit the authenticating method of their users to Sign in with Microsoft. In addition, if your company is using Microsoft Entra ID, you can enable and configure Group Claims to manage users more efficiently.
1. Enable Single Sign-On (SSO) on Onix Work
- Log in to Onix Work.
- Go to Settings.
- Go to Users & Roles.
- Switch to Single Sign-On tab.
- At General section, click Edit.
- Fill out your company’s Microsoft Entra Tenant ID at Tenant ID field.
Check out this instruction from Microsoft: Find the Microsoft Entra tenant ID
As a result, users will have the flexibility to either sign in with Microsoft or log in using a username and password registered on Onix Account before.
2. Verify if Single Sign-On (SSO) works
Ask one of your existing users visible in Onix Work’s Users & Roles to perform the following check.
- Log out of Onix apps from browser.
- Go to Onix login page.
- Click Sign-in with Microsoft.
- Select your Microsoft account. And you’ll be automatically logged in to Onix in no time.
3. [Optional] Force use of single sign-on (SSO)
Requirements:
- Your company must have an existing Microsoft Entra ID account.
Here’s how to force use of SSO:
- Go to the Settings module —> Open Users & Roles —> Switch to the Single Sign-On tab.
- In the General section, click Edit —> Turn on the Force use of SSO toggle to ensure users can only log in with their Microsoft account.
You can keep Group Claims toggle disabled if you prefer:
- Current users’ roles and licenses in Onix Work are not affected by the settings in Microsoft Entra ID.
- New users only have access to your organization when you invite them from Onix Work - Settings - Users & Roles.
4. [Optional] Manage users with Microsoft Entra ID and Group Claims
4.1. Add Onix Work to Azure portal
Important notes:
- Group Claims only works correctly when users sign in with their Microsoft accounts (SSO login).
- Your company must have an existing Microsoft Entra ID account.
- Required user privilege: You must have “User provisioning with Microsoft Entra ID group claims” privilege at “Full access” level to configure the Group Claims in Onix Work.
Here’s how to add Onix Work to your Azure portal:
- In Azure portal, navigate to the overview page —> Select Enterprise applications.
- In the All applications section, click New application —> Search and select Onix Work.
- Click Create to add the application to Microsoft Entra ID.
4.2. Enable Group Claims in Onix Work
- Go to the Settings module —> Open Users & Roles —> Switch to the Single Sign-On tab.
- In the General section, click Edit.
- Turn on the Enable Group claims toggle.
- Paste your company’s Tenant ID. This information can be found in your Microsoft Entra ID - Overview page.
4.3. Add and manage Group Claims in Onix Work
Add a new group
Here’s how:
- In the Group claims configuration section, click Add.
- Fill in the Group ID field with the relevant Group ID taken from Microsoft Entra ID.
- Fill in other fields with relevant information:
- Description: Name of the group.
- Role: The default role assigned to any new users of the group.
- License: The default license assigned to any new users of the group.
Edit existing groups
While managing Group claims, you might need to edit a group’s information or priority.
A group’s priority decides the role and license of a user upon the first SSO login in case he/she belongs to multiple groups. For example, if the user belong to both the 1st and 3rd groups, he/she will have the 1st group’s role and license.
Here’s how to edit a group:
- Select a group.
- Click Edit to adjust its information, or
- Click Move up/Move down to adjust its priority, or
- Click Delete to delete the group permanently.
