
Login with EntraID account

Available Environment

  • The user PC is joined to Windows AD.
  • Windows login accounts are synchronized with EntraID through ADConnect.
  • The user PC must be a device registered to the company domain.
  • To use WAM, you must have an app registered at portal.azure.com and obtain the clientID of that app.
  • The app registered at portal.azure.com must have admin consent granted for its default delegated permissions.

SSO operation with EntraID account

  • After logging in to Document Security, the user's EntraID account is retrieved using the ClientID set in the policy "sso:wamClientId".
  • A Shield ID user token is issued for the corresponding account by querying EntraID.
  • Check {TenantId} and {clientID} at portal.azure.com.
  • When runMode is set to sso, the additional options are applied in priority order, and the "userDomain" option takes precedence.
    When using the wamClientId option, set "userDomain":"none" or remove that item.

DS_MIP_INIT Item Settings

{
  "tid": "{TenantId}",
  "runMode": "sso",
  "sso": {
    "wamClientId": "{clientID}"
  }
}
// Configuration example
{
  "tid": "e8c1b6e5-37ed-4c84-82e9-f5a02feddd85",
  "runMode": "sso",
  "sso": {
    "wamClientId": "e9d4988d-cf92-46f6-ab1f-d8c25d0bab95"
  }
}

| File name | Path | Version | Note |
|---|---|---|---|
| SCPD_DS365.dll | C:\windows\softcamp\sdk\scsa | 6.1.0.4 | DS6 Product Module |
| SCPD_DS36564.dll | C:\windows\softcamp\sdk\scsa | 6.1.0.4 | DS6 Product Module |
| DS365.Agent.exe | C:\windows\softcamp\Security365\DS365\x64 | 6.2.0.1 | DS6 Product Module |
| DS365.Core.dll | C:\windows\softcamp\Security365\DS365\x64 | 6.2.0.4 | DS6 Product Module |

Preparation Requirements

User Windows Verification Items

  • Check Windows AD registration information
  • You must have a registered domain as shown below.
  • Device Registration
  • In Windows Settings - Accounts, select "Access work or school".
  • It should be registered as below.

Settings and Verification for Portal.Azure.com

security365.com settings


Check user delegation permissions as below

portal.azure.com settings


After logging into the Azure Portal, select the Microsoft Entra ID menu from the LNB menu, then choose Management - App registrations.


Select All applications and search for security365auth. If it is not already registered as shown in the image, click the New registration button at the top.

  • Name: security365auth
  • Supported account types: Accounts in this organizational directory only (single tenant). Multi-tenant customers need to choose according to their organizational situation.
  • Public Client / Native (Mobile and Desktop)


Click the Register button at the bottom.


In the LNB menu, select Management – Authentication, open the Redirect URI Configuration tab, and add the following value under mobile and desktop applications: ms-appx-web://microsoft.aad.brokerplugin/{client_id}

  • Note
    • Admin consent is needed only for the basic (default) permissions. No permissions need to be added separately.
    • The secret of the registered app is not used.
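
The DS_MIP_INIT settings and the redirect URI step above can be checked before a policy is deployed. The following is an added example, not part of the product or of the original page: the function name lint_ds_mip_init is hypothetical, the position of "userDomain" inside the "sso" object is an assumption, and the sample domain value is constructed.

```python
import json
import re

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
BROKER_URI = "ms-appx-web://microsoft.aad.brokerplugin/{}"

def lint_ds_mip_init(policy_text):
    """Return (problems, redirect_uri) for a DS_MIP_INIT policy string."""
    problems = []
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], None
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"], None

    sso = policy.get("sso")
    if not isinstance(sso, dict):
        sso = {}
        problems.append('"sso" object is missing')

    # Unreplaced placeholders such as {TenantId} fail the GUID check.
    if not GUID_RE.match(str(policy.get("tid", ""))):
        problems.append('"tid" is not a GUID')
    if policy.get("runMode") != "sso":
        problems.append('"runMode" must be "sso"')
    client_id = str(sso.get("wamClientId", ""))
    client_ok = bool(GUID_RE.match(client_id))
    if not client_ok:
        problems.append('"sso.wamClientId" is not a GUID')

    # Assumption: "userDomain" sits inside "sso"; the top level is checked too.
    user_domain = sso.get("userDomain", policy.get("userDomain"))
    if user_domain is not None and user_domain != "none":
        problems.append('"userDomain" takes precedence over wamClientId; '
                        'set it to "none" or remove it')

    # Redirect URI that must be registered for the app at portal.azure.com.
    return problems, BROKER_URI.format(client_id) if client_ok else None

# Constructed sample: the page's example policy plus a leftover userDomain.
SAMPLE = """{
  "tid": "e8c1b6e5-37ed-4c84-82e9-f5a02feddd85",
  "runMode": "sso",
  "sso": {"wamClientId": "e9d4988d-cf92-46f6-ab1f-d8c25d0bab95",
          "userDomain": "corp.example"}
}"""

if __name__ == "__main__":
    print(lint_ds_mip_init(SAMPLE))
```

The returned redirect URI can be compared with the value entered for the app under mobile and desktop applications.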

Login Flow

The flow is the same as the AzureAD login integration. The difference is that when requesting the WAM accessToken, the clientId registered at portal.azure.com is used instead of the information from security365.