Microsoft Single Sign On
HirePOS allows you to sign on with your Microsoft account, which includes work or school accounts, personal Microsoft accounts, and Office 365 subscriptions. This give you access to Microsoft identity platform features such as passwordless sign in and MFA (Multi Factor Authentication). MFA also includes tools like Apple's Face ID (facial recognition technology) used in conjunction with the Microsoft Authenticator app.
Currently you must set up any new HirePOS user account as per the help doc Invite New Users [with Video]. You can then connect your Microsoft user account to the HirePOS user account. Once you sign into HirePOS with Microsoft, the Single Sign On method will then be enforced, and you can no longer use your HirePOS username and password to sign in.
You will not be able to sign in via the old azurewebsites.net URL's. Change your bookmarks if required.
Connecting an existing HirePOS account with your Microsoft account
- Once the account is set up, you can login with your Microsoft account, which must have the same user principal name (email address) as your HirePOS user account.
- The user will encounter a ‘Login Failed’ Page and will continue to do so on subsequent attempts until the following steps are completed.
- A notification email is sent to your primary business email, which lists your business name and primary (admin) email along with the user and email that is attempting to sign on with Microsoft.
- If this looks right, and you are expecting this user to sign in with Microsoft, then in HirePOS you need to go to Setup > Preferences > Users. Note the user will show as Unconfirmed under the SSO column in the Users list.
- Click the user to edit. You will see an alert banner which states that the user is attempting to login with their Microsoft account, and that you need to confirm.
- If you're expecting the user to sign in with Microsoft, then check the Confirm user and allow access? box.
- Ensure the Roles and Permissions are appropriate, then scroll down and Save Changes. Note that you should also have a matching Staff member with the same email address.
Now the connection with the Microsoft account is confirmed, the user can now log in as required. The SSO column in the user list will show as Enforced, and the user must sign on with Microsoft going forward. Also note that in the Recent Logins tab, the SSO column will show that the user logged in with Microsoft.
Signing in with a Microsoft account that is not connected to a HirePOS account
If you attempt to sign in with Microsoft and the login is not connected to HirePOS, then you will be redirected to a page with a Login Failed heading.
You can return back to the Login screen or you can sign out of your Microsoft account. You must sign out of the Microsoft account in order to sign in with a different Microsoft account, in the case where you signed in with the wrong account for example.
Signing in when your HirePOS account has been made inactive
If your HirePOS account has been made inactive, and you attempt to sign in with your Microsoft account, you will be redirected to a page with a User Inactive heading.
You can return back to the Login screen or you can sign out of your Microsoft account.
If you return back to the Login screen without signing out of your Microsoft account and attempt to sign back in again with Microsoft then you will automatically be signed in with the same Microsoft account. You will not be presented with the Microsoft account to sign back in with. So in this case, you would need to click the Microsoft Logout button to completely sign out of your Microsoft account.