Quick Setup Guide

Introduction

This document is intended as a guide for an IT Administrator to setup an integration to Microsoft Entra ID for Authentication and Authorization. Configuration of Microsoft Entra ID is done via the Customer Portal.

Accessing the Customer Portal

Access to the Customer Portal can be granted to a User by contacting Customer Support

When access has been granted, the customer portal can be accessed at the following:

Adding a Microsoft Entra ID configuration

Adding a new Microsoft Entra ID configuration can be done from the Homepage where all configured Identity Providers are listed by clicking "Add Microsoft Entra ID configuration".

It should be noted that all Accounts have a "Karnov" Identity Provider by default.

Adding configuration - Step 1

The new configuration will require a name so that you can distinguish it from other Identity Providers configured on your Karnov account. This name will only be utilised within the Customer Portal. You will also need to enter your Microsoft Entra Tenant ID

Adding configuration - Step 2

Click "Show" on the newly created Identity Provider configuration. Granting admin consent - Step 1

Click the "Grant admin consent" button which will redirect you to Microsoft Entra ID to grant access. You will need access to an administrator account with sufficient privileges to grant access.

Granting admin consent - Step 2

Provisioning Users

Provisioning of users is done via one or more Microsoft Entra ID Groups.

Click "Create new group".

Provisioning users - Step 1

Enter the Object ID of the group that you wish to synchronize from Microsoft Azure.

Provisioning users - Step 2

User synchronization will start immediately. You will need to refresh the page to see the progress.

Provisioning users - Step 3

Granting Product Access to Groups

Before a user can login, they require access to a product. Product access is granted at the Group level. A user gains access to products from all of the groups which they are a member of.

Click the name of a group to view it.

Granting product access - Step 1

Click the "Edit product accesses" button

Granting product access - Step 2

Select the appropriate products for the group

Granting product access - Step 3

The selected products are now available for users within the group.

Granting product access - Step 4

Enabling the Identity Provider

The new "Entra ID" Identity provider needs to be enabled for authentication before it can be used. This is a global setting applies for all users.

Enabling Identity Provider - Step 1

User Login Experience

When trying to access a Karnov product, the user is first redirected to the login page. On the login page the user will be able to select “Login with Microsoft”.

User login - Step 1

After having authenticated with Microsoft for the first time, the user will be prompted with the question if they are an existing Karnov User or not.

If the user selects that they are a new Karnov user, they will have a new User created automatically and logged in immediately.

User login - Step 2

If the user has an existing Karnov user, they will be prompted to enter credentials for their previous Karnov user. This will allow them to continue to access data associated with their previous Karnov user when logging in via Microsoft.

User login - Step 3