Single Sign-On using MS Active Directory
Prerequisites
To use Active Directory SSO in any Manifest application:
- Your Manifest domain must first be configured to use your Microsoft Azure Active Directory. See how to configure Manifest to use your Azure AD here.
- You must sign in using the MS account configured for Azure AD in the Manifest domain.
- Users must first grant Manifest permission to access their MS account for sign in. This must be done in the Manifest Web application.
SSO on the Manifest Web Application
- Go to the Manifest Web application for your domain
- On the Sign in screen, select “Sign in with Active Directory” (located under the Sign in button)
- A window will appear prompting you to either pick an account or enter which Microsoft Account you are using to sign in. (This must be the MS user account enabled for Manifest)
- On first login, you will be prompted to grant the Manifest application permission to authenticate using your Active Directory. Select “Accept”.
- If successful you will be redirected to the Manifest Web application
SSO on the Manifest 3D Application
- Launch the Manifest application, and go to the Login window
- Enter your Manifest Domain name. (Note: unless you are pointing to a docker installation, there is no need to enter the full URL. You can simply enter the subdomain name, e.g. Taqtile.)
- If your domain requires, you may also be prompted to accept an End User License Agreement.
- Check the box at the top of the Login window “User Microsoft Account”
- Select Login
- A window will appear prompting you to either pick an account or enter which Microsoft Account you are using to sign in. (This must be the MS user account enabled for Manifest)
- If successful, you will be redirected and logged into the Manifest application
Two-Factor Authentication (2FA)
If your Security Administrator has enabled Two-Factor Authentication for your domain and required it for your user account, you will be required to set up Two-Factor Authentication and then use it to log in to all Manifest applications.
For initial 2FA set-up:
- Go to the Manifest Web application and log in using your email and password
- Upon login, you will be prompted to scan a unique QR code using the Google Authenticator application or a similar application of your preference.
- The application should generate a temporary 6-digit code. Enter this code into the field as prompted.
- Select Verify
- If you have successfully logged in, then your 2FA set-up is complete! You will now be prompted to enter the 6-digit code generated by this application for all future logins.
Login using 2FA on any application:
- Enter your email and password
- You will be prompted to enter the unique 2FA key. Locate the current key for your Manifest account generated by your Authenticator application.
- Enter the 6-digit key
- Confirm
Troubleshooting with Two-Factor Authentication
- Token Error: The 6-digit code generated by the Authenticator application expires after one use and updates frequently. Please be sure you only use a single code one time and that you are using the most current generated code from the application.
- Can’t Access Authentication Codes: If you can’t access your authentication codes and need to reset your authentication settings, you will need to reach out to your System Administrator for assistance. Your System Administrator may have their own security protocol in place; however, one method to reset the user account is to disable two-factor authentication and then re-enable it, which allows the user to set up 2FA again.
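
The Token Error behavior above can be reproduced with a short sketch. This is an added example, not Manifest's code: it assumes the authenticator codes are standard RFC 6238 TOTP (30-second step, SHA-1, 6 digits), which is what Google Authenticator generates by default. The `Verifier` class and its return strings are hypothetical, and the secret is the RFC 6238 test value.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults: 30 s step, 6 digits
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test secret, not a real one

def totp(secret_b32, unix_time):
    """Code an authenticator app would display at unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Hypothetical server-side check: small clock-drift window, no code reuse."""
    def __init__(self, secret_b32, drift_steps=1):
        self.secret, self.drift = secret_b32, drift_steps
        self.last_step = -1  # newest time step already accepted

    def check(self, code, unix_time):
        now = unix_time // STEP
        for step in range(max(0, now - self.drift), now + self.drift + 1):
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                if step <= self.last_step:
                    return "reused"  # same code submitted a second time
                self.last_step = step
                return "ok"
        return "expired-or-wrong"  # outside the accepted time window

if __name__ == "__main__":
    v = Verifier(SECRET)
    code = totp(SECRET, 59)
    # First use succeeds, a second use is rejected, and a stale code fails.
    print(code, v.check(code, 59), v.check(code, 60), v.check(code, 59 + 5 * STEP))
```

Because the code depends on the device clock, a phone whose time is off by more than the drift window produces the same failure as an expired code.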