User manual

Single Sign On

With yve Single Sign On (SSO) you can use your Microsoft company account to log in to yve as a user. yve uses OAuth2.0 technology for SSO to log in via your Microsoft Azure account.
 
With SSO, users only need to log in once with their company account. You get full control over user access to yve via your Azure company account. If you have 2-factor authentication in your company account, this will also be used when logging in to yve.
 
The following steps are necessary for setup:
  • Your IT creates a company app 'yve-tool' in your company Azure, which supplies the app ID.
  • Your IT then creates a 'secret' for the yve app, which provides the secret key.
  • Your IT creates the 'openid, profile and email' permissions for the yve app.
  • Your IT sets the callback URI for the yve app (the accountname is your subdomain in yve):
    • https://accountname.yve-tool.de/users/auth/azure_activedirectory_v2/callback
  • Your IT creates users for the yve app who should have access.
  • You also create these users in your yve account, as they are not created automatically.
  • Your IT will provide us with the following information at support@yve-tool.de:
    • client_id (the ID of the yve app)
    • client_secret (the secret key)
    • tenant_id (your Azure account ID)
  • We will then set up access to yve for you. For this we can allow both login types (SSO + login) or only SSO
SSO is only available for yve users, not for contacts.