Integration with Azure Active Directory is implemented by importing Azure Active Directory (AAD) / Office 365 objects to Digital Workspace Platform (DWP).
This page is intended for the system Administrators and provides links to the pages where you can find how to configure user account import from Azure Active Directory / Office 365 and use these existing accounts for login in to Digital Workspace Platform.
Azure Active Directory (AAD) / Office 365 integration is available from 9.1.3 release version as Technical Preview. The official release was announced with 10.0.1.
Please contact Product Management when the feature is going to be used on Production in Technical Preview status.
In this section, you may find how to configure the Matrix42 Digital Workspace Platform (DWP) to let your end-users login to the Self Service Portal with an Azure Active Directory (AAD) User by completing the following steps:
- Registering DWP application on Azure portal is a common step for Azure Active Directory integration;
- Configuring Authentication with Azure AD Account depending on AAD subscription type on the examples of Free subscription and Premium P2 license.
- Configure import and login with Azure Active Directory in Digital Workspace Platform (DWP).
Depending on the DWP version the configuration and login settings differ.
DWP 9.1.3 / 10.0.0 [Technical Preview]
DWP 9.1.3 / 10.0.0 TP includes only one option and configuration for AAD login:
- Configuring the Azure AD Data Provider in DWP with the credentials generated as a result of the application registration on Azure portal;
- Configuring SAML2 authorization in DWP global setting using appropriate endpoints and certificate information based on the current AAD subscription type.
DWP 10.0.1 or higher
DWP 10.0.1 allows configuring integration via a single wizard that includes all necessary settings and allows adding as many login options as necessary. The wizard includes the following settings:
- Configure connector using data from the Azure Portal registered application;
- Define Users and Groups import settings;
- Configure login (if enabled) according to the Azure Portal authentication settings.
When these steps are completed the wizard allows you to test the connection and in case of success immediately run the import.
Azure AD B2C is supported by DWP Azure Active Directory Data Provider since 10.0.1 release.
The configuration flow is the same both for single-tenant and multi-tenant account types, depending on the application configuration on the Azure portal.
Single-tenant and multi-tenant account types
With DWP 10.0.1, you can configure your application to accept sign-ins from any Azure Active Directory (Azure AD) tenant. This configuration is called making your application multi-tenant and involves the following adjustments:
- Updating your application registration in Azure portal to be multi-tenant
- Changing the Single Sign-On URI Endpoint to
- Adjust Service Provider Issuer Name to the endpoint that handles multiple issuer values
- The tenant administrator must accept the consent on behalf of the organization during the first login.
All configuration steps and examples are described in detail on the corresponding pages:
- Azure Active Directory Tenant with Admin Access
- Matrix42 Digital Workspace Platform Instance with Admin Access
Try to avoid using Azure Active Directory provider together with MyWorkspace Data Provider as duplicate users might be created.
Supported Authentication Protocols for Identity Providers:
After setting up the SAML2 Integration, please make sure technically any user needs to be introduced from your Azure Tenant to the Digital Workspace Platform User Management. This will enable employees to login with their existing AAD User to Digital Workspace Platform (e.g. Self-Service Portal). Matrix42 AAD Data Provider enables you to import all AAD Users to your Digital Workspace Platform Instance.
Software and Licences
Azure Active Directory comes in four editions—Free, Office 365 apps, Premium P1, and Premium P2.
Azure Active Directory Basic subscription is no longer available for purchase by new customers but existing Azure AD Basic customers will still be able to continue to use it.
All types of subscriptions support AAD integration, for instance:
- By default, all subscriptions have integration by e-mail.
- Premium subscription additionally allows customizing the login and matching claims between DWP and Azure AD.
With a Free subscription, the data provider operates with a shared certificate from Azure Tenant, which causes certificate expiration every 6 weeks. In this case, the configuration of the Azure AD data provider needs to be updated when expiration happens