We use Azure Active Directory to authenticate user access to the Platform. We invite users as guests to our Platform’s Active Directory, and Microsoft automatically attempts to authenticate the user against their own domain. As part of this process each user will receive an email from Microsoft inviting them to access the Platform.
Some organisations and users may experience difficulty with Microsoft Azure authentication, depending upon their set-up and the extent to which they make use of Azure AD
- For organisations that use Azure Active Directory (AAD) and already have their users set up on AAD / Synchronised with their internal AD: Users should be able to access the Platform simply by using their company credentials. No further set-up is normally required (talk to us if your users already have MFA on their Azure AD accounts as this may clash with our settings)
- For organisations that use AAD but don’t have their users set up on AAD / synchronised with their internal AD: The organisation's administrator may need to set up users on their AAD. Once this has happened, users should be able to access the Platform simply by using their AAD credentials. If the organisation allows the “Viral” creation of user accounts, our experience is that these users may encounter issues when they first try to sign in to the Platform and provide their MFA information.
- For organisations that do not use Azure AD and their users do not already have Microsoft corporate accounts: Microsoft will automatically create a "Viral" tenant and user accounts based on the user's email domain/address. Users will need to set their passwords and provide MFA information when they first access the Platform. In this instance Whitespace will not have access to manage user passwords, but users should be able to reset their own accounts as required. The linked article describes how organisations can take over the management of these directories when / should the need arise.