Now when a user logs into Peoplevine, there's an option to log in with MFA using Microsoft Azure Active Directory.
When the user clicks Sign in With Microsoft, they are routed to Microsoft's authentication, which prompts them for their username and password.
Upon successfully authenticating with Microsoft, the user will be routed to Peoplevine where we'll confirm which accounts they have access to.
To set up Azure Active Directory authentication, you need to log in to Peoplevine using your basic account. Once logged in (as an administrator), you will be able to modify the users and enable Azure MFA login.
This can be done either automatically, by enrolling your tenant ID in Peoplevine, or by adding each user's Active Directory Object ID.
To add the Active Directory Object ID per user, go to Manage Users (as an admin) and edit the user (this can also be done when manually adding a user). You can then check Enable authentication with Azure Active Directory and paste their Object ID.
You can also check the box to force Azure MFA, meaning they cannot log in with a username and password. If this option isn't checked, they will be able to authenticate either with Azure Active Directory or with their email and password.
You can find the Active Directory Object ID for this user by logging into Azure and going to Azure Active Directory.
Click on Users.
Click on the user you want to enable Azure AD login for. This will present you with both the User principal name and the Object ID.
You will need to use the "user principal name" as either the email address or username on the user account and then copy the Object ID into the Active Directory Object ID section.
The first time the user logs in, they may need to confirm they are connecting through Peoplevine.
Instead of setting up each user individually, you can also register your Tenant ID under the company profile to allow any user, by e-mail address, to activate and leverage SSO.
Once this is enabled, you just need to invite the user under Manage Users. Once they receive the invite, they'll be able to SSO to their account with Active Directory; no need to configure a password with Peoplevine.