How to set up SSO for Link 3
This article describes the steps needed to set up SSO authentication for your Link 3 tenants.
Prologue
Customers are able to enable SSO authentication via Microsoft Entra ID accounts for their Link 3 tenants.
The setup requires collaboration between the customer's Entra ID Administrator team and their respective Bizbrains Technical Account Manager, also referred to as a “TAM”.
Prerequisites
Entra ID in Microsoft Azure
Microsoft accounts
Entra ID Administrator permission to be able to do the following:
Create Entra ID groups
Assign membership to said Entra ID groups
Grant access to Bizbrains' Link enterprise application to allow for authentication with the use of the customer's Microsoft accounts
How-to guide
Create 3 groups in Entra ID. The groups must reflect the access level to Link that a user would be granted. The naming convention is entirely up to you to decide. We recommend the following naming convention to improve visibility:
Link_Environment_Admin = The group that would grant admin access in Link.
Link_Environment_Editor = The group that would grant editor access in Link.
Link_Environment_Viewer = The group that would grant viewer access in Link.
The convention would be applied for the Prod, Test, Dev, Sandbox & QA environments.
Assign the users to their respective permissions group. Users that need “Admin” access in Link should be members of the group “Link_Environment_Admin”. The same applies to the other access levels.
Remember to grant the users memberships to all the different environment groups that have been created.
Once created, reach out to your assigned Technical Account Manager (TAM) and provide them with the names of the different groups you have created in your Entra ID.
It is very important that the group names you provide to your TAM are the exact names you used when you created the groups, or the authentication will fail.
The TAM will now add the groups to your Link tenant. Once added, the TAM will let you know they have been added.
When you have received the message from your TAM, try to sign in to your Link tenant with Microsoft authentication. You will likely be met with a prompt saying you do not currently have access to this application, and that the access needs to be allowed by your Entra ID administrator. This is a security measure most Entra ID Administrators have configured in their Entra ID Tenant. If you do not see this prompt, continue to step 6.
The application name that you are connecting to is “Link”. The application ID in Entra ID is: 7d95bd38-d8e6-4046-9223-10a3490d75f0.
Submit a request to be allowed access to this application along with a reasoning via the prompt.
Once submitted, your Entra ID administrator needs to grant consent to this application. This is done as follows:
Entra ID → Enterprise applications → Admin consent requests. They will see you as a submitter. The application name is “Link” and the ID of the application is as mentioned above.
When the access has been granted, your Entra ID Administrator needs to add the Link access groups created earlier to the “users and groups” section of the enterprise application to allow those users/groups access to the application.
Sign in to the Link portal once again. This time you should be met with a “Tenant does not have access…” error. When you have received this error, contact your Technical Account Manager once again and let the person know that you are seeing this message. The Technical Account Manager will then grant your Tenant access to authenticate with Link using your Microsoft Entra ID Tenant.
The sign-in step must be repeated for EVERY environment of Link you have (Prod, Test, Dev, Sandbox & QA).
When the Technical Account Manager has granted your Entra ID Tenant access, they will let you know, and you will now be able to sign in to your Link tenant, using Microsoft Authentication.
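The group-creation step and the exact-name requirement above can be scripted. The following is an added example, not Bizbrains' own tooling: it uses the Microsoft Graph PowerShell module, assumes that “Environment” in the recommended names is replaced by the environment name (for example Link_Prod_Admin), and writes to a hypothetical file link-sso-groups.csv.

```powershell
# Added example (not from Bizbrains). Requires the Microsoft.Graph PowerShell module
# and an account allowed to create groups in the Entra ID tenant.
# Assumption: "Environment" in the recommended convention is replaced by the
# environment name, giving names such as Link_Prod_Admin.
$environments = 'Prod', 'Test', 'Dev', 'Sandbox', 'QA'
$levels       = 'Admin', 'Editor', 'Viewer'

Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$groups = foreach ($environment in $environments) {
    foreach ($level in $levels) {
        $name = "Link_${environment}_${level}"

        # Reuse a group that already has this display name, so a rerun
        # does not create duplicates (display names are not unique in Entra ID).
        $group = Get-MgGroup -Filter "displayName eq '$name'" | Select-Object -First 1
        if (-not $group) {
            $group = New-MgGroup -DisplayName $name -MailNickname $name `
                -MailEnabled:$false -SecurityEnabled `
                -Description "Link $level access ($environment)"
        }

        # Record the name as stored in the directory, not the name we asked for:
        # the Graph filter is case-insensitive, so an existing group may differ in case.
        [pscustomobject]@{
            Environment = $environment
            AccessLevel = $level
            GroupName   = $group.DisplayName
            ObjectId    = $group.Id
        }
    }
}

# The list to hand to the TAM. Copy the names from this file rather than
# retyping them, because the names must match exactly.
$groups | Sort-Object Environment, AccessLevel |
    Export-Csv -Path .\link-sso-groups.csv -NoTypeInformation
$groups | Format-Table -AutoSize
```

Group membership and the assignment of the groups to the Link enterprise application are still done as described in the steps above.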
The information on this page is based on Link 3.00