You can now connect your content calendar Desk-Net with Azure AD.
Please note: Microsoft announced that "Azure AD" will be renamed "MS Entra ID" by the end of 2023.
How to Set Up Single Sign-On with Azure AD for Desk-Net?
Pre-Conditions
- Your company needs to be both an Azure AD user as well as a Desk-Net customer.
- Your Desk-Net subscription must include access to the SAML security features. You get access to these features by purchasing the Support & Security Package. If you are a large enterprise customer this will likely be included in your package.
As a result you need to be eligible to access the Security page in Desk-Net.
Please contact Desk-Net Sales if you are interested in this feature, but don't have access to it.
Setting up the Connection
Follow these steps in Azure Portal (you need to have admin rights for this):
- Log in to the Azure Portal and navigate to the Azure Active Directory.
- Click on "App registrations" and then click "New registration".
- Enter a name for your application and select "Web" as the type of application you want to create.
- Enter the Sign-On URL for your application in the "Redirect URL" field.
Single Sign-On URL: https://desk-net.com/startPage.htm AND https://desk-net.com/m/mobile.htm
- Under "Supported account types", select the types of accounts that you want to allow to sign in to your application.
- Click "Register" to create the application.
- Navigate to the "Endpoints".
- Look for the "Federation metadata document" endpoint in the list of endpoints. The URL for this endpoint should look like this example: "https://login.microsoftonline.com/{tenant-id}/federationmetadata/2007-06/federationmetadata.xml".
[Note that the URL contains "{tenant-id}", a placeholder for the unique identifier (tenant ID) of each organization in Azure AD. Every organization has its own tenant ID; replace "{tenant-id}" in the link with your organization's specific value for the link to work properly.]
- Copy the URL for the WS-Federation sign-on endpoint.
Once you have done this, switch over to Desk-Net for the easy setup:
- Access the Security page in Desk-Net.
- In the Azure AD section enter the following data:
- Domain name (e.g. "acme-publishing"). It must be unique to avoid duplication.
- Metadata URL (the URL for the WS-Federation sign-on endpoint which you copied a few steps earlier)
- Test the connection by clicking on Test Connection.
- Click Save at the bottom of the page and you are all done.
Note: Two different SSO options, such as ADFS and Azure AD (MS Entra ID), can easily be used simultaneously.
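A pre-check for the Metadata URL before it is entered in Desk-Net, written as an added Python example (not Desk-Net or Microsoft code): it flags a tenant placeholder left in place, a truncated path, a non-HTTPS scheme and a lookalike host. The function name, the sample URLs and the GUID-form tenant ID are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "login.microsoftonline.com"
EXPECTED_SUFFIX = "/federationmetadata/2007-06/federationmetadata.xml"
# Assumption: the tenant ID is supplied in GUID form.
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def check_metadata_url(url):
    """Return a list of problems with a federation metadata URL ([] = none found)."""
    problems = []
    parts = urlsplit(url.strip().strip('"'))
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Exact host match, so login.microsoftonline.com.example.net is rejected.
    if parts.hostname != EXPECTED_HOST:
        problems.append("host is not " + EXPECTED_HOST)
    # Path layout: /<tenant-id>/federationmetadata/2007-06/federationmetadata.xml
    tenant = parts.path.lstrip("/").split("/", 1)[0]
    rest = parts.path[1 + len(tenant):]
    if rest.lower() != EXPECTED_SUFFIX:
        problems.append("path does not end in " + EXPECTED_SUFFIX)
    if "{" in tenant or "}" in tenant:
        problems.append("tenant placeholder was not replaced")
    elif not GUID_RE.fullmatch(tenant):
        problems.append("tenant ID is not a GUID")
    return problems


# Constructed sample URLs; the GUID is made up and is not a real tenant.
GUID = "11111111-2222-3333-4444-555555555555"
SAMPLES = [
    f"https://{EXPECTED_HOST}/{GUID}{EXPECTED_SUFFIX}",
    f"https://{EXPECTED_HOST}/{{tenant-id}}/federationmetadata/2007-06/federationmetadata.xm",
    f"http://{EXPECTED_HOST}/{GUID}{EXPECTED_SUFFIX}",
    f"https://{EXPECTED_HOST}.example.net/{GUID}{EXPECTED_SUFFIX}",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_metadata_url(sample) or "OK")
```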
How Users Can Use the Single Sign-On
For the first login after the Azure AD connection has been set up, users access Desk-Net via the usual login page.
On that page they find an Azure AD button. They are then prompted to enter the domain name that's related to their Azure AD account.
Errors
Please check the special page with a list of potential SAML error messages.