This section is specific to DriveWorks 23 onwards, for earlier DriveWorks versions please see DriveWorks Pro Server.
Single Sign-On (SSO) is an authentication method that allows one account manager to sign users in to multiple independent software systems.
SSO allows users to maintain a single login and use it to login to different software tools. Administrators of different software tools, like DriveWorks, can register their applications with the SSO account manager that will be responsible for handling the login. Users can log in to DriveWorks by logging into their standard Windows Active Directory account, for example Microsoft Entra ID, acting as the SSO agent, will authenticate the user's login and validate the user for DriveWorks.
See What is single sign-on in Microsoft Entra ID? for more information.
SSO for Microsoft Entra ID is configured in the DriveWorks Pro Server Web Application, available on the machine running DriveWorks Pro Server.
After opening the Pro Server Web Application, select Single Sign-On.
Single Sign-On is configured in three stages:
Login to the DriveWorks Group that you wish to map to Microsoft Entra ID. This will need to be an Administrator user for the selected DriveWorks Group.
If you are already logged in to the Group, with an Administrator user, you will navigate straight to the SSO page.
The information in this section specifies the Microsoft Entra Tenant/Client with which DriveWorks will connect for SSO authentication.
The following credentials are required to integrate with your Microsoft Entra ID.
These credentials are obtained when configuring Microsoft Entra ID during App Registration.
NOTE: If you require help obtaining these values, you will need to consult with your IT department or the entity that manages your Microsoft Entra ID instance.
Once you have obtained these values, press Configure at the top of the SSO page. Enter the values and press Save.
If you need to clear these settings, you can press Configure, then Delete.
The table on the left hand side shows the DriveWorks users for the DriveWorks Group selected in the Group Login section.
Selecting a DriveWorks user will then populate the Microsoft Entra ID Table on the right hand side, allowing you to map the DriveWorks user to one or more AD users.
Select the checkbox(s) required and then press Save. You can select multiple mappings to batch save.
Alternatively, selecting Cancel will cancel all changes.
Green rows indicate newly added user mappings, while red rows indicate user mappings to be removed.
Amber rows indicate a mapping conflict, specifically that an Entra ID is being mapped to more than one DriveWorks user. You cannot Save until the conflicts are resolved.
The Play/Pause button controls whether the connection to the Microsoft Entra ID client is active or paused. The button will display a pause icon when it is active. Click the pause icon to pause the connection. Click the play icon to resume the connection.
In order for DriveWorks to connect to Microsoft Entra ID with the client information provided, you will need to ensure that the following permissions are set in the API Permissions section of the Microsoft Entra ID application to which you are connecting:
This Allows DriveWorks to read user profiles without a signed in user. This is required in the Pro Server Configuration Tool Directory Synchronization area. Granting this requires the consent of the Microsoft Entra ID administrator.
When logging into a Group that has SSO credentials configured, the login popup window will appear differently.
The user will now be offered an option to log in with Azure Active Directory (which is Microsoft Entra ID) or use a DriveWorks User Name and Password.
The following steps are required to configure an Microsoft Entra ID for use with the DriveWorks Single Sign-On feature.
From the Azure Portal home page, select Microsoft Entra ID then App Registrations.
The Name given to the App Registration should be something meaningful to yourself.
The Optional Redirect URI field can be left empty at this stage.
Once created, make a note of the following:
These two GUID’s will be provided in the Microsoft Entra ID Configuration section of DriveWorks Pro Server SSO Credentials, so a connection to Microsoft Entra ID can be established.
Each platform type that is to use SSO is required to be added.
The applicable platform types are:
Used for logging into a Shared Group from all DriveWorks desktop based modules.
Used for logging into a web based DriveWorks solution through the DriveWorks Live Integration Theme.
See Using SSO with DriveWorks Live below.
To Add a platform
For Web authentication:
For example:
https://[SERVER_URL]/api/[GROUP_ALIAS]/oauth2/token
The values entered above are case-sensitive.
To allow the Integration Theme to use SSO an additional element is required to be added to the DriveWorksConfigUser.xml file.
See Using SSO with DriveWorks Live below.
Ensure the permissions detailed in Microsoft Entra ID Configuration (above) are set in the API Permissions section of the Microsoft Entra ID application to which you are connecting.
In order to use SSO with DriveWorks Live, you will need to use the Integration Theme. This contains a Javascript function (loginSSO) that will consume the client secret from the Group Alias.
To set your Integration Theme site to use SSO, you will need to add the following code inside the sharedGroupAlias element of the DriveWorksConfigUser.xml.
See Group Connection Settings for more information.
<identityProviders> <azure> <!-- Note: This is the same secret you add to the Pro Server Config Tool --> <clientSecret>InsertSecretHere</clientSecret> </azure> </identityProviders>
An example of this code in place would look like this:
<connections> <sharedGroupAlias name="DriveWorksAlias" serverAddress="ProServerMachine" groupname="GroupName"> <identityProviders> <azure> <!-- Note: This is the same secret you add to the Pro Server Config Tool --> <clientSecret>InsertSecretHere</clientSecret> </azure> </identityProviders> </sharedGroupAlias> <connections>
To use SSO to login to the DriveWorks Example Sites, the login method is required to use loginSSO.
This is done by changing the line below:
In the login.js file find the following line:
// Start session const result = await DW_CLIENT.loginGroup(GROUP_ALIAS, userCredentials);
And change it to this:
// Start session const result = await DW_CLIENT.loginSSO(GROUP_ALIAS);
You will only need to pass in the Group Alias into this method.
Can I use DriveWorks Logins alongside SSO logins?
How can I log in with a different Windows user?
Does configuring the SSO in the Pro Server Configuration enable users to use SSO in all DriveWorks modules?