Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  1. Fotoware Alto
    • 11.14 Schreckhorn
    • Terminology
    • Solutions
    • User Guide - Deutsch
    • User Guide - English
    • API Changelog
  2. Fotoware Veloz
    • Managing users and groups
    • Configuring archives
    • Configuring workflows
    • Configuring site behavior
    • Navigating and searching to find your assets
    • Working with your assets
    • Editing asset metadata
    • Uploading files
    • Version Control in Fotoware
    • Albums - Creating and sharing collections
    • Placing assets in a CMS
    • Working with the Fotoware Pro interface
    • Using the Fotoware plugins
    • Consent management
    • User guide to FotoWeb for iPad (Legacy)
    • Picture conferencing with FotoWeb Screens (Legacy)
    • What's what in Fotoware
    • GDPR
    • Fotoware Veloz releases
    • Activity Exports
    • Fotoware Example Workflows
  3. Fotostation
    • Getting started with Fotostation
    • Viewing, selecting and sorting files
    • Managing your assets with archives
    • Adding metadata to assets
    • Searching for assets
    • Working with your assets
    • Version Control in Fotostation
    • Automating tasks with Actions
    • Configuring metadata fields and editors
    • Configuring Fotostation
    • Configuring Fotostation for multi-user environments
    • Troubleshooting Fotostation
  4. Fotoware Flow
    • What is Flow?
    • Getting started
    • Flow dictionary
  5. Fotoware On-Premises
    • Getting started
    • Index Manager
    • FotoWeb
    • Color Factory
    • Connect
    • Operations Center Guide
  6. Integrations and APIs
    • The Fotoware API
    • Creating integrations using embeddable widgets
    • Authorizing applications using OAuth
    • Auto-tagging
    • FotoWeb Drag and Drop export
    • Integration using webhooks
    • Optimizely and Episerver plugin documentation
    • User Interface Integrations
  7. Fotoware Mobile
    • User guide for Fotoware Mobile for iPhone and Android
    • User guide to FotoWeb for iPad (Legacy)
    • User guide to FotoWeb for iPhone and Android (Legacy)

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Support

Table of Contents

Microsoft Entra ID integration Prerequisite Configuring SSO with Microsoft Entra ID Adding the Fotoware application to the Azure portal Assigning permissions to the application Creating the application secret Adding Microsoft Entra ID information to the Fotoware Site Configuration Adding the information to the Fotoware tenant in FotoWeb Settings Groups and access control for Microsoft Entra ID
  • Home
  • Fotoware On-Premises
  • FotoWeb
  • Managing users and groups (On-Premises)
  • Configuring authentication providers and single sign-on in FotoWare (On-Premises)
  • Microsoft Entra ID integration and SSO (On-Premises)

Setting up SSO with Microsoft Entra ID

30. April 2025

Elaine Foley

Table of Contents

Microsoft Entra ID integration Prerequisite Configuring SSO with Microsoft Entra ID Adding the Fotoware application to the Azure portal Assigning permissions to the application Creating the application secret Adding Microsoft Entra ID information to the Fotoware Site Configuration Adding the information to the Fotoware tenant in FotoWeb Settings Groups and access control for Microsoft Entra ID

Microsoft Entra ID integration

Note: Microsoft ended support for Azure Active Directory Authentication Library (ADAL) in June 2023.

All 8.0 versions of FotoWeb On-Premises use the Azure Active Directory Authentication Library (ADAL) for Single Sign-on (SSO) with Microsoft Entra ID. FotoWeb 8.1 uses the newer Microsoft Authentication Library (MSAL) and is therefore supported by Microsoft. For security reasons and to ensure that SSO will continue to work, we recommend that all customers using FotoWeb On-Premises 8.0 and SSO with Microsoft Entra ID update to the FotoWeb version 8.1.

Microsoft Entra ID (formerly Azure Active Directory) integration supports organizational and personal Microsoft accounts. Access control and assignment of groups and user licenses are either group-based or role-based access control. 

Tip: The Microsoft Entra ID integration uses the Open ID Connect protocol and is recommended because it is the easiest to set up. If more advanced customization is required or additional user information needs to be imported from the directory, you can use SAML with Microsoft Entra ID. 

The following user properties are imported from the directory. Currently, these cannot be configured, and all of these fields must have values: 

  • Username
  • First name
  • Last name
  • Email address

Prerequisite

Connecting clients to Microsoft Entra ID requires a secure connection, so Fotoware must be configured with TLS (HTTPS) and a trusted certificate. For more information, see Configuring Fotoware for secure connections.

Configuring SSO with Microsoft Entra ID

Adding the Fotoware application to the Azure portal

  1. Log in to the Azure portal and open Microsoft Entra ID.
  2. Select Add > App registration. 
  3. Enter a name for the application. 
  4. Select Web from the Select a platform drop-down list. 
  5. Select the Redirect URI that your application uses. For single sign-on to a Fotoware site, the URL must have the following format: 

https://<site hostname>/fotoweb/auth/signin-oidc

Example: https://contoso.fotoware.cloud/fotoweb/auth/signin-oidc

 Alternatively, you can copy the URI (https://internalpreview.fotoware.cloud/fotoweb/auth/signin-oidc) from the Single Sign-on settings for the site. (Go to Site Configuration > Security > Single Sign-on).

  1. Select Register.

Tip: After creating the application registration, open the Overview section for your newly registered application to retrieve the Application ID (see the example below). You need this ID for the Fotoware Microsoft Entra ID configuration in the site configuration later.

Note: If you previously enabled implicit grant for ID tokens (in the Authentication section) for Fotoware 8.0, we recommend that you disable this option for Fotoware 8.1. 

Assigning permissions to the application

  1. Open the API permissions view for your application and select Add a permission.
  2. Use Microsoft Graph and add the User.Read Delegated permission.
    When using group-based access control, you must add access to the directory as the signed-in user (Directory.AccessAsUser.All). This is not necessary if you are only using role-based access control. 
  1. Select Save to update the permissions.

Creating the application secret

  1. Open the Certificates & secrets view for your application. You can find this in the same menu as API permissions above or as a link in the Overview section.
  2. Select New client secret. 
  3. Enter a description (simply a label) in the Description field. 
  4. Select a duration from the Expires drop-down list. For security reasons, a key can be valid for a maximum of two years.
  5. Select Add to create the client secret. Then, copy it to the clipboard and paste it into the Application key field in the Microsoft Entra ID settings in the Operations Center.

Note: It is the customer's responsibility to replace the application key before it expires. Because the validity of application keys varies, it's practical to set a reminder in your maintenance calendar to replace the key before it expires. If the key does expire, users will temporarily lose access to the system. 

Adding Microsoft Entra ID information to the Fotoware Site Configuration

Make sure you have the necessary information from the Azure portal before proceeding:

Application Id -You can find this in the Overview section.

Application Key - The secret generated in the Azure portal.

Authority -This is the URL of the Microsoft Entra ID authentication service. Typically, it is https://login.microsoftonline.com (the global Microsoft Entra ID service), but this can be different when using different authentication providers.

Directory ID -You can find the Directory ID in the Overview section, next to the Application ID.

Microsoft Graph Authority - This is the base URL for Microsoft Graph, which is used to retrieve user and group information.

Adding the information to the Fotoware tenant in FotoWeb Settings

  1. In the FotoWeb Settings app, open Sites. 
  2. Select Configuration for the site in question.
  3. Go to Security > Single Sign-on.
  4. Turn on the Enable Single Sign-on toggle.
  5. Enter the Application ID, Application Key (called Client Secret in the Azure portal), andDirectory ID values and save the changes.

Groups and access control for Microsoft Entra ID

Next, you need to import groups from Microsoft Entra ID to give them access to Fotoware. You can then assign access to Fotoware archives and actions using the imported groups.

 
 
single sign-on microsoft

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Indexing PDF documents
  • Selecting metadata to log
  • Preserving metadata on upload
eco-lighthouse-miljøfyrtårn

Company

  • About us
  • Resellers
  • Careers
  • Contact us

Help & support

  • Support center
  • Consultancy
  • Tech partners
  • Fotostation
  • System status

Trust Center

  • Legal
  • Security
  • Sustainability & ESG

Locations

Fotoware AS (HQ)
Tollbugata 35
0157 OSLO
Norway
FotoWare Switzerland AG
Industriestrasse 25
5033 Buchs (AG)
Switzerland

Copyright 2025 Fotoware All rights reserved.

  • Terms of service
  • Privacy policy
  • Cookie policy

Knowledge Base Software powered by Helpjuice

Expand