Session Logon and Microsoft Entra ID

To allow Microsoft Entra users to log in to ShareScan on the Session Logon form, you need to perform a configuration process that combines tasks in the Token Vault tool, the ShareScan Administration Console, and third-party interfaces.

Because this is a complex process, familiarize yourself with the high-level view as well as the individual configuration tasks.

  1. Ensure that you have Token Vault installed along with ShareScan. (Verify whether you must install the two programs on different servers; this depends on your deployment scenario.)
  2. Configure the Token Vault application with HTTPS (on the Server settings page) and the Microsoft Entra authentication type (on the Authentication settings page), and also configure the one-time passcode settings.

    Microsoft Entra users can log in to ShareScan on the Session Logon form with their username and a one-time passcode generated by Token Vault or by an authenticator app set up on the Token Vault UI. When a user specifies the username and a one-time passcode on the eCopy ShareScan Session Logon form, the Session Logon service verifies this credential with the help of Token Vault and, if it is valid, allows the user to log in.

  3. Go to the Microsoft Identity Platform (Microsoft Entra ID) admin center associated with your Microsoft 365 subscription and register a Microsoft 365 application for Token Vault.

    This step enables Token Vault to get authentication tokens for applications such as the eCopy ShareScan Session Logon service.

  4. Log in to Token Vault as an administrator, select the Manage authorization providers page, register a Microsoft 365 Authorization Provider and enable it.

    User and group data from Microsoft Entra ID will be retrieved using this authorization provider.

    In this step, Token Vault generates an Authorization Provider ID that you will need when configuring the Session Logon service with Microsoft Entra ID in the eCopy ShareScan Administration Console.

  5. Log in to Token Vault as the service user that the Session Logon configuration will use to retrieve user and group data from Microsoft Entra ID through Token Vault, and then authorize the new Authorization Provider on the Available authorization providers page.
  6. Launch the ShareScan Administration Console, go to Tools and specify Token Vault Settings as described here: Configure Token Vault Settings in eCopy ShareScan.
  7. Still in the Administration Console, configure the Session Logon service with Microsoft Entra ID (using the service user who authorized the new Authorization Provider and the Authorization Provider ID that Token Vault generated previously for this provider).

At this point, Microsoft Entra users can log in on the Session Logon screen.