Single Sign-On with Microsoft Account

Requirements

If you plan to use this integration, we strongly recommend that you host your MYOB Advanced instance (or instances) over HTTPS. For more information, see Setting Up an HTTPS Service in Web Server (IIS).

Configuration Steps

The configuration of SSO with Microsoft account for your MYOB Advanced instance consists of the following steps:

1. You register your MYOB Advanced instance with Microsoft Account and obtain the OAuth 2.0 credentials, including the client ID and client secret. For details, see To Register an MYOB Advanced Instance with Microsoft Account.
2. You enable SSO with Microsoft Account in your MYOB Advanced instance by using the client ID and client secret you obtained in the previous step, as described in To Enable SSO with Microsoft Account.
   Tip: You can enable and disable SSO with Microsoft Account for your MYOB Advanced instance at any time because MYOB Advanced uses SSO with Microsoft Account only for verifying user identities. Users can still authenticate themselves by using their MYOB Advanced credentials.
3. Optional: You activate SSO with Microsoft Account on the Users (SM201010) form for each user who will use his or her Microsoft Account credentials for authorization in MYOB Advanced. Alternatively, each user can activate SSO with Microsoft Account for himself or herself on the User Profile (SM203010) form. For details, see To Activate Your Google or Microsoft Account.
4. Users of your MYOB Advanced instance associate their MYOB Advanced accounts with their Microsoft Account credentials. They can do this in either of the following ways:
   • Users click the Associate User button on the User Profile form (for details, see To Activate Your Google or Microsoft Account). The system registers the unique user key associated with the user's Microsoft Account with the user's MYOB Advanced account. This way can be used if users activate SSO with Microsoft Account for their accounts on their own.
   • If the value of the selfAssociate parameter in the externalAuth subsection of the px.core section of the web.config file is true (which is the default value), users click the Microsoft icon () on the Welcome page of MYOB Advanced, and the system suggests that they enter the credentials of an MYOB Advanced user that should be associated with the Microsoft Account. This way can be used when you activated SSO with Microsoft Account for each user.
5. Optional: You can configure your MYOB Advanced instance to automatically redirect users to the Microsoft Account sign-in page, as described in To Enable Silent Logon.
   Tip: Before you turn on silent logon with Microsoft Account, ask your users if all of them can sign in to MYOB Advanced with their Microsoft Account credentials.

User Authentication

After you have integrated MYOB Advanced with Microsoft Account, users use single sign-on (SSO) with Microsoft services to sign in to MYOB Advanced. By default, the users follow these steps:

1. On the Welcome page of the MYOB Advanced instance, the user clicks the Microsoft icon () to open the Microsoft sign-in page.
2. On the sign-in page, the user enters his or her Microsoft account credentials.

To simplify the procedure, you can configure silent logon with Microsoft account. For more information, see To Enable Silent Logon.