
SSO Azure Connection

Frontline uses a Microsoft Azure B2B connection to securely collaborate with users and partners outside of our organization. With a B2B connection, an external user is invited to sign in to our Azure AD organization using their own credentials.

 

User Login Workflow

1. The user visits the EHS Client Site. If SSO is enabled for the client, the user is redirected to the EHS Azure SSO Service.
2. The EHS Azure SSO Service takes the user to a Microsoft login screen, where they enter their email address.
3. Based on the user's domain, Microsoft login may or may not take the user to an IDP login screen where they are authenticated.
4. Once the user is authenticated on their IDP, they’re redirected back to Microsoft login with the required claims values. These values are then passed back to the EHS Azure SSO Service. The EHS Azure SSO Service passes the user's email to the EHS Client in the form of an encrypted token in the query string.

Important:
1. Users must exist in both the FLDS Azure AD Tenant Directory and in the EHS Client for a successful workflow.
2. With the latest update, users will now have to accept an email invite to join the system. If they don’t accept the invite, they won’t be able to log into EHS using FLDS SSO.
3. When adding users in EHS, we can now restrict users to only the specific domains defined in EHS Admin.

Troubleshooting:

  • If the user does not exist in the FLDS Azure AD Tenant Directory, they will get an error on the Microsoft login screen. To fix this issue, Frontline will have to send an invitation to the user from the FLDS Azure AD Tenant. Once the user accepts this invitation, they’ll be able to access the system. Note: The invite from Microsoft does not expire.
  • If the user exists in the FLDS Azure AD Tenant Directory but does not exist in the EHS Client, they will see an error on the EHS site stating that the user does not exist in the system.

User Logoff Workflow:

1. The user clicks the “Logout” button in the EHS Site.
2. The user is logged out from the EHS Site and is redirected to the FLDS Azure AD Service. This sends the user to the Microsoft Logout service, which in turn sends them to the Identity Provider (IDP) logout service.
   • Once the user is logged out from the Identity Provider (IDP), they are redirected back to the FLDS Azure AD Service, which in turn redirects them back to the EHS Site.