This guide is for changing the setup of the SSO from the built-in ConnectWise SSO to Azure AD. To set up ConnectWise SSO, please visit this link. Please keep two instances of Manage open when configuring SSO to prevent locking yourself out of the system.
So I recently bit the bullet with linking my SSO to Azure AD. I had been putting this off for weeks until I realized exactly how simple this was! It took me around 15 minutes including testing and it was done.
How does it work?
It works a lot like ConnectWise SSO: you attempt to sign in to your ConnectWise Suite and are prompted for your email address. You enter your business email address and are redirected to Microsoft’s ‘login.microsoftonline.com’ webpage. You enter your credentials (and 2FA if you already have this set up), and it will then ask if you want to remember this computer. I’ve then been able to log into the ConnectWise Portal, Control, Automate, Manage and Sell without any issues.
Firstly, browse to the ConnectWise Portal and log in as an Admin. Click on the Settings cog at the bottom left of the screen and select the Authentication tab. Select ‘Add new identity provider’ and enter a display name and description and make sure to copy the Redirect URI.
Now head over to the Azure Portal and log in as a Global Administrator. Open up Azure Active Directory, select App Registrations and select New. Create a name and select Accounts in this organizational directory only. Paste in your Redirect URI and select Register.
In the App Registrations, go back to the Overview page and copy the Application ID into the ConnectWise Portal as the Client ID. Select Endpoints, copy the OpenID Connect Metadata Document URL and paste that into the CW Portal as the Authority URL.
Go back to Azure Active Directory and select Authentication. Under the Implicit Grant tab, make sure to select the box next to ID Tokens.
Finally, within the ConnectWise Portal, select the users that you wish to sign in with Azure AD SSO and then Save your changes. Log out of any ConnectWise products and log back in using your Microsoft Office 365 credentials.
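Before saving, the values from the steps above can be cross-checked so that a mistyped URI does not lock anyone out. The following is an added example, not part of the original post or any ConnectWise or Microsoft tooling: it assumes the app registration has been exported in the Microsoft Graph application shape (`appId`, `signInAudience`, `web.redirectUris`, `web.implicitGrantSettings`), and the `preflight` function, the `cw` dictionary keys, the GUIDs and the redirect URI are all constructed for illustration.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
SHARED_TENANTS = {"common", "organizations", "consumers"}

def preflight(app, cw):
    """Compare an app registration export (Microsoft Graph 'application' shape)
    with the values entered in the ConnectWise Portal; return a list of problems."""
    problems = []
    web = app.get("web", {})
    grant = web.get("implicitGrantSettings", {})
    # The Client ID in the CW Portal must be the Application ID from Overview.
    if not GUID.match(cw["client_id"]) or cw["client_id"].lower() != app.get("appId", "").lower():
        problems.append("client_id does not match the Application ID")
    # The redirect URI must be registered exactly; a trailing slash is a mismatch.
    if cw["redirect_uri"] not in web.get("redirectUris", []):
        problems.append("redirect_uri is not registered exactly as shown in the CW Portal")
    if urlparse(cw["redirect_uri"]).scheme != "https":
        problems.append("redirect_uri is not https")
    # The Authority URL must be this tenant's OpenID Connect metadata document.
    auth = urlparse(cw["authority_url"])
    segments = [s for s in auth.path.split("/") if s]
    if auth.scheme != "https" or auth.hostname != "login.microsoftonline.com":
        problems.append("authority_url is not on https://login.microsoftonline.com")
    if segments[-2:] != [".well-known", "openid-configuration"]:
        problems.append("authority_url is not the OpenID Connect metadata document")
    if segments and segments[0].lower() in SHARED_TENANTS:
        problems.append("authority_url uses a shared endpoint, not this tenant's")
    # 'Accounts in this organizational directory only' exports as AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        problems.append("app registration is not single-tenant")
    # The guide calls for ID tokens only; access tokens via implicit grant are not needed.
    if not grant.get("enableIdTokenIssuance"):
        problems.append("ID tokens are not enabled under implicit grant")
    if grant.get("enableAccessTokenIssuance"):
        problems.append("access tokens are enabled under implicit grant but not needed here")
    return problems

# Constructed sample values: placeholder GUIDs and a hypothetical redirect URI.
TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE_APP = {
    "appId": "22222222-2222-2222-2222-222222222222",
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["https://sso.example.com/callback"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True, "enableAccessTokenIssuance": False}},
}
SAMPLE_CW = {"client_id": SAMPLE_APP["appId"], "redirect_uri": "https://sso.example.com/callback",
             "authority_url": f"https://login.microsoftonline.com/{TENANT}/v2.0/.well-known/openid-configuration"}
```

An empty list from `preflight(SAMPLE_APP, SAMPLE_CW)` means the pasted values agree with the registration; each string in a non-empty list names the field to recheck.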
Personally, I love this. It’s such a simple thing to do that you can have it working in under half an hour. This post explaining how to do it actually took longer to create than doing it! It’s one less password to remember, fewer authentication servers to use and so on. Also, if you have 2 Factor Authentication on in Office 365 (you should, for the Partner Security Requirements), this then adds that further level of protection to your CW account without using other services such as Duo or Google.