Single Sign-On with Azure Active Directory

Manage your Project Insight users through your Azure Active Directory when you enable the Azure AD Single Sign On add-on.

Install the SSO with Azure Active Directory Add-on

NOTE: You must be a PI system administrator to perform these functions

1. Go to Administration in the left navigation, select Add-ons, and click the "Get More Add-ons" tab
   
   
   
   
2. Click on the SSO with Azure Active Directory card and then the [Install] button
   
   
   
   
3. After installing, click [Configure]
4. Enter in your Azure AD Directory ID (Tenant ID) and select whether you want Active Directory users automatically added to PI 
   
   

Getting your Azure AD Directory ID (Tenant ID)

NOTE: You must be an Azure system administrator to perform these functions

1. Go to your Azure Active Directory
2. Click on Properties
3. Click the "Copy to clipboard" icon to the right of the Directory ID
4. Paste this value into the Tenant ID field in the PI SSO with Azure Active Directory add-on configuration screen
   
   

Granting Permission to Your Organization

NOTE: You must be an Azure system administrator to consent to the following permissions request

The Project Insight for Azure AD SSO application requires the following permissions:

1. Microsoft Graph - User.Read (Sign in a read user profile) 
2. Microsoft Graph - email (View user's email address)
3. Microsoft Graph - openid (Sign users in)
4. Microsoft Graph - profile (View user's basic profile)

After configuring the add-on with your Azure Tenant ID as directed above, the very first person to sign into Project Insight using the Azure AD SSO option should be an AAD Domain Administrator.

A consent screen will be displayed but before clicking Accept make sure that the "Consent on behalf of your organization" option is checked so that all users will be able to use SSO when signing into Project Insight: