Single Sign-on with Wizard Software
Wizard Software provides support for multiple single sign-on methods to Projecto and Performo. This page outlines the external identity providers that are supported as well as the claims required by Wizard Software.
Continue with Microsoft
Wizard Software uses Multi-tenant App Registrations to allow all of our customers to authenticate to Wizard Software solutions using their Work or School accounts. If your organization provides Work or School accounts managed by Microsoft, you should use this method of authentication for Wizard Software. It does not require configuration on the customer side. Only admin consent on behalf of the organization is required for Wizard ID to access the claims listed below.
- Multi-tenant App Registrations for SaaS Providers: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
Granting Organizational Consent
Some environments allow users to grant consent to the claims Wizard ID requires, and others require Organizational consent from an Administrator.
To grant Organizational Consent, follow these steps:
- Log in to the Azure portal.
- Click All services in the menu on the left and then search for Azure Active Directory.
- Once on the Azure Active Directory blade, choose Enterprise applications.
- Search for the Wizard ID app on the list by typing e.g., wizard in the search box. Once found, click to access its settings.
- Choose Permissions from the menu on the left and click the Grant admin consent for
{your tenant name}button.
- The pop-up to grant organization-wide consent will open. Choose your admin account and accept the permissions requested by the app.
Authorization and Conditional Access Policies
Once configured, Wizard ID shows up as an Enterprise App within your Azure portal and authorization, permissions, conditional access policies, and multi-factor requirements can be managed from within the Azure portal.
Continue with Google
Wizard Software uses Google Identity Services to allow customers with Google accounts to authenticate to hosted solutions such as Projecto and Performo.
- Sign in with Google: https://developers.google.com/identity/gsi/web/guides/overview
Claims Used
These claims are used by Wizard ID and Wizard Software.
Required Claims
Must be provided for any functionality to work.
- Subject ID
suborhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
- Email
emailorhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Optional Claims
These optional claims are used when provided in the id_token or available from the userinfo endpoint.
- Display Name:
nameorhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
- First Name
given_nameorhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
- Last Name
family_nameorhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname