Setting up Entra ID SSO with Aerros

Introduction

Aerros currently offers support for Single Sign-On (SSO) through Microsoft Entra ID. This guide will walk through the most common flow to grant access to Aerros for users of your organization. If your company uses Microsoft Office 365, there is a good chance your organization is already set up for Entra ID SSO. This flow may also be applicable if your organization uses a third-party authentication service (such as Okta or Auth0) that is federated with Entra ID.

Although Aerros is not currently published in the Azure Gallery/Marketplace, this consent flow will manually add Aerros as an enterprise application to your Entra ID.

 

Requirements

  1. Your organization must be using Entra ID (or a federated authentication service already connected to Entra ID). If your organization uses on-premises Active Directory, please contact Aerostrat support for further assistance with setting up Microsoft Entra Sync/Connect.
  2. An Entra ID administrator to grant consent for Aerros to your organization.

Allowing users of your organization to access Aerros

1. Please ask your Aerostrat representative for the specific Aerros Consent URL that corresponds to your environment as each customer environment requires separate consent. This Consent URL format will look like this:

https://login.microsoftonline.com/common/oauth2/authorize?client_id={aerros_environment_client_id}

Parameter Description
{aerros_environment_client_id} The ClientID for the Aerros environment you are granting access to

 

Here is an example of a fully-formed URL to grant access to the Aerros production environment:

https://login.microsoftonline.com/common/oauth2/authorize?client_id=4e108c5a-c613-4eba-86a5-bd0e9e608e01

2.  Visit the Aerros Consent URL provided in step 1, and sign in with your organization account (this user must be an Entra ID administrator). After signing in, you will be brought to a consent page that should look similar to the screenshot below. 

AzureADConsent.PNG

This consent page outlines the type of access that Aerros needs to your organization directory. Aerros requires read-only access to the security groups in your organization so that it can link User Roles within Aerros to security groups in your organization. This allows you to control which users in your organization has access to various features of Aerros.

3.  Finally, click Accept to allow users of your organization to access the desired Aerros environment.

4.  After consenting you will be redirected to a blank page. This is expected behavior and not an indication of failure.

Setting up Entra ID Security Groups to manage user roles in Aerros

Setting up Entra ID security groups to manage user roles allows your organization to control user access to various features in Aerros. This is the recommended approach to manage user roles because it allows organizations to grant and revoke user access and roles without contacting Aerostrat. This allows users in your organization to request access to Aerros through your existing IT request system.

1. Navigate to your organizations Entra ID Management portal. This is typically found at:
https://portal.azure.com

2. Navigate to the Groups management page. It will look similar to this screenshot:

AzureADGroups.PNG

3.  Add the following 5 groups that will correspond to user roles in Aerros:

Group Name Role Capabilities
Aerros Viewer View Production schedule
Aerros Planner

View Production Schedule
View/Edit Scenarios

Aerros Long Range Planner (LRP)
View Production Schedule
View/Edit Scenarios
Aerros Manager

View Production Schedule
View/Edit Scenarios

Aerros Administrator

View Production Schedule
View/Edit Scenarios
Manage Company Settings

 

4.  Lastly, add the users from your organization into each applicable group.

5.  Once you are finished, please forward the Security Group Names and Object IDs to your Aerostrat representative so that we can sync these groups to your Aerros environment.

If you have any questions about this guide, please contact Aerostrat Customer Support. 

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section