Wizard ID Authentication

Wizard ID supports three SSO types:

  1. Microsoft (work or school) accounts.
  2. Google Accounts.

Microsoft (work or school) accounts

To set up Microsoft authentication with a new Azure tenant, an Enterprise App that corresponds to our Wizard ID App Registration is required in the new Azure tenant. Since Wizard ID is not published to the Azure App Gallery, a user from the new Azure tenant must log in to Wizard ID to create the Enterprise App.

Please begin our Wizard ID Admin Consent flow by clicking this link: https://wizardid.wizardsoftware.net/diagnostics/adminconsent

  1. Click here to begin the Admin Consent flow.

  2. Sign in (no screenshot).

  3. When the requested permissions are shown, choose "Accept" to grant admin consent.

This requires that someone with Global Admin logs in and grants Administrative Consent. This should create the Enterprise App in your Azure portal, so you can perform any customer-specific configuration on your side.

This can be verified using the diagnostic test page: https://wizardid.wizardsoftware.net/diagnostics/testpage with a regular (non-Global Admin) user account.

Common Problems, without Global Admin

Without a Global Admin, these are some likely scenarios you can encounter. All of these will require a Global Admin to perform the Admin Consent flow.

Request Access

In most scenarios, Wizard Software users will not be able to consent to Wizard's information gathering (email address, and first/last name) and Azure will show them a screen that explains this, with an option to "Request access".

When this occurs, the user should fill out the "Request access" form and follow up with the appropriate internal IT resource.

Generally this requires an administrator to attempt the Wizard ID Test Page, in which case one of the following two outcomes is likely.

Sometimes, a user or administrator will have the ability to consent for themselves but not on behalf of the organization (the consent page has no organization consent checkbox), and will be able to log in and see Wizard's success page.

Often this is not a sufficient stopping point.

At this point, Organizational Consent is likely to be required to allow the remainder of the users to log in; however, since a Wizard ID Success page was seen, the Enterprise App has been created in your Azure Tenant. The instructions on our docs website can be followed to grant Organizational Consent and grant the remaining users access.

An administrator with Global Admin will have the ability to consent for the organization, and will be able to log in and see Wizard's success page.

With "Grant on behalf of the organization" selected, no further steps are required, as organizational consent has been granted.
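The outcomes described above (no Enterprise App, self-consent only, organizational consent) can be told apart from the tenant's Microsoft Graph data. The following is an added example, not Wizard's own code; the display name "Wizard ID", the required scopes and every id in the sample data are assumptions constructed for illustration.

```python
# Added example. Input: the "value" arrays returned by Microsoft Graph
# GET /v1.0/servicePrincipals and GET /v1.0/oauth2PermissionGrants.

# Assumption: delegated scopes covering sign-in, email and name; the page does
# not list them. Assumes all of them belong to one resource (Microsoft Graph).
REQUIRED_SCOPES = frozenset({"openid", "email", "profile"})

def consent_state(service_principals, grants, app_name, required=REQUIRED_SCOPES):
    """Return (state, detail) for the Enterprise App named app_name."""
    sp = next((s for s in service_principals if s["displayName"] == app_name), None)
    if sp is None:
        # No Enterprise App exists: no one in the tenant has consented yet.
        return "no-enterprise-app", []
    mine = [g for g in grants if g["clientId"] == sp["id"]]
    org_scopes = set()
    for g in mine:
        if g["consentType"] == "AllPrincipals":  # granted for every user
            org_scopes |= set(g["scope"].split())
    if required <= org_scopes:
        return "org-consent", []
    # consentType "Principal" is a grant for the single user in principalId.
    users = sorted({g["principalId"] for g in mine
                    if g["consentType"] == "Principal"
                    and required <= set(g["scope"].split())})
    if users:
        return "user-consent-only", users  # remaining users still need consent
    return "no-consent", sorted(required - org_scopes)

# Constructed sample data; every id and the display name are made up.
SP = [{"id": "sp-0001", "displayName": "Wizard ID"}]
GRANTS_SELF = [{"clientId": "sp-0001", "consentType": "Principal",
                "principalId": "user-aaaa", "resourceId": "graph-sp",
                "scope": " openid email profile"}]
GRANTS_ORG = GRANTS_SELF + [{"clientId": "sp-0001", "consentType": "AllPrincipals",
                             "principalId": None, "resourceId": "graph-sp",
                             "scope": "openid email profile"}]

if __name__ == "__main__":
    for label, grants in (("self", GRANTS_SELF), ("org", GRANTS_ORG), ("none", [])):
        print(label, consent_state(SP, grants, "Wizard ID"))
```

A result of "user-consent-only" corresponds to the case where the success page was seen but Organizational Consent is still needed for the remaining users.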

Google accounts

In the Google space, the claims Wizard ID requires do not trigger an elevated level of permissions, and generally users should have the ability to log in.