Introduction
Our products use Azure Active Directory authentication to connect users to the applications. Any specific configuration applied to your authentication is automatically used by our products. All our products use single sign-on to connect users to the applications.
By default, users execute all actions with delegated privileges. This means that no user can perform an action without the corresponding right set in Microsoft 365, which ensures the best level of security.
Administrators can have higher rights, as explained for the different products.
Authentication flow
- When a user visits the application and needs to sign in, they are redirected via a sign-in request to the authentication endpoint in Azure AD.
- The user signs in on the sign-in page.
- If the authentication is successful, Azure AD creates an authentication token and returns a sign-in response to the Powell application’s Reply URL that was configured in the Azure Portal. For a production application, this Reply URL should be HTTPS. The returned token includes claims about the user and Azure AD that are required by the application to validate the token.
- The Powell application validates the token by using a public signing key and issuer information available at the federation metadata document for Azure AD. After the application validates the token, Azure AD starts a new session with the user. This session allows the user to access the application until it expires.
Powell Intranet
Introduction to right management
Powell Governance
See Authentication & Security access