Single Sign-on

Maytas Hub can be configured so that users can login using their Azure Active Directory or Azure B2C accounts. There are separate setups for each of these options, detailed below.

When either or both of these single sign-on options are enabled, users are also still able to login with their Maytas Hub web user account.

This page is for configuring SSO for Maytas Hub. To configure it for Maytas, please follow the Maytas SSO guide.

Login Using Azure Active Directory

This can work alongside the Azure B2C single sign-on system in Maytas Hub, so that if both systems are configured then it will be possible to login to Maytas Hub using either an Azure AD or an Azure B2C account.

It is possible to login to Maytas Hub using credentials from an Azure AD account. First this needs to be configured, which requires your Azure AD client ID, client secret and tenant (your Azure AD system administrator should be able to provide these values):

  1. In Maytas Hub, go to Settings on the sidebar.
  2. Click the System configuration button.
  3. Go to Admin on the left (under the Maytas Hub Online header).
  4. Scroll down on the right to the Single Sign On section.
  5. Tick the boxes for the four Azure AD settings and enter their values:
    • Azure AD Authority - This should be set to https://login.microsoftonline.com/{0}/oauth2/v2.0
    • Azure AD ClientId - Value provided by administrator
    • Azure AD Client Secret Value - Value provided by administrator
    • Azure AD Tenant - Value provided by administrator
  6. Click Save.

Next, each user who needs to login using this feature must have the email address associated with their Azure AD account entered against their Maytas Hub web user account:

  1. Go to Web User Editor on the sidebar.
  2. Search for and open the required user.

  3. Under Basic Details, enter the Azure AD email address in the Single Sign On Email box.

  4. Click Save.

The login screen will now include a Sign in with Microsoft option, which can be used by configured users to login to Maytas Hub using their Azure AD credentials.

If you have configured single sign-on for both Azure AD and Azure B2C, there will be two separate login buttons: Sign in with Microsoft will use Azure AD and Log in with Organisation Account will use Azure B2C. If you have only configured one of the options, only the Sign in with Microsoft button will appear.

Finally, the return URL and platform type in Azure must be set. The return URL must be set to your Maytas Hub URL with /account/azurelogincallback added at the end. For example, if your Maytas Hub URL is https://myserver/MaytasHub then the return URL would be:

https://myserver/MaytasHub/account/azurelogincallback

The platform type must be set to Web.

For further details on configuring Azure, see here.

Login Using Azure B2C

Maytas Hub users can link their Hub user account to an Azure B2C user, so that the Azure B2C credentials can be used to login to Maytas Hub.

This can work alongside the Azure AD single sign-on system in Maytas Hub, so that if both systems are configured then it will be possible to login to Maytas Hub using either an Azure AD or an Azure B2C account.

First this needs to be configured, which requires your Azure B2C client ID, client secret and tenant (your Azure B2C system administrator should be able to provide these values):

  1. In Maytas Hub, go to Settings on the sidebar.
  2. Click the System configuration button.
  3. Go to Admin on the left (under the Maytas Hub Online header).
  4. Scroll down on the right to the Single Sign On section.
  5. Tick the boxes for the four Azure B2C settings and enter their values:
    • Azure B2C Authority - This should be set to https://login.microsoftonline.com/{0}/oauth2/v2.0
    • Azure B2C ClientId - Value provided by administrator
    • Azure B2C Client Secret Value - Value provided by administrator
    • Azure B2C Tenant - Value provided by administrator
  6. You can additionally set the Hide Native Login option to ON to prevent the native Maytas Hub login option to appear so that only the Microsoft login option appears.
  7. Click Save.

Next, each user who needs to login using this feature must have the email address associated with their Azure B2C account entered against their Maytas Hub web user account:

  1. Go to Web User Editor on the sidebar.
  2. Search for and open the required user.

  3. Under Basic Details, enter the Azure B2C email address in the Single Sign On Email box.

  4. Click Save.

The login screen will now include a Sign in with Microsoft option, which can be used by configured users to login to Maytas Hub using their Azure B2C credentials.

If you have configured single sign-on for both Azure AD and Azure B2C, there will be two separate login buttons: Sign in with Microsoft will use Azure AD and Log in with Organisation Account will use Azure B2C. If you have only configured one of the options, only the Sign in with Microsoft button will appear.

Finally, the return URL and platform type in Azure must be set. The return URL must be set to your Maytas Hub URL with /account/azurelogincallback added at the end. For example, if your Maytas Hub URL is https://myserver/MaytasHub then the return URL would be:

https://myserver/MaytasHub/account/azurelogincallback

The platform type must be set to Web.

For further details on configuring Azure, see here.