DriveWorks 21 shipped with support for a new group login method, Single Sign-On (SSO) which is now supported for Microsoft Entra (formerly Microsoft Azure Active Directory).
SSO is one of those very rare features where it not only makes security better but also improves the end-user experience. SSO improves security because it allows user credentials to be centrally managed by the Microsoft Entra administrator (usually the IT team) in the context of the domain user. It also provides the opportunity to add additional security requirements such as password complexity requirements (length, special characters, etc) and multi-factor authentication (MFA).
The DriveWorks Systems Team is responsible for an internal implementation of DriveWorks Pro – “Internal Projects”. This implementation of DriveWorks has been created purely for business process automation, with no CAD. Everybody in the DriveWorks team uses Internal Projects. There are team-specific Internal Projects and a DriveApp implementation for managing our community users, sales data analysis, license generation, and lots more. We also use Internal Projects to make holiday booking requests, order clothing, and file expense claims.
DriveWorks now has over 60 employees, so managing all these user logins for Internal Projects was becoming a bigger challenge. When the new DriveWorks 21 SSO feature was released, we decided it would be a great feature to adopt in our Internal Projects.
Adopting SSO in our Internal Projects
First, we upgraded the development environment to DriveWorks 21 following our standard process of backing up the database, the group, and the implementation files (an upgrade guide can be found on our public help file).
After the upgrade and testing to ensure the implementation behavior was the same as before the upgrade, we worked with our internal IT team to set up the Entra App. Together, we followed the DriveWorks help file guide on SSO to create and configure an app that serves as the connection point for the group into Entra.
Using the credential keys created from the Entra app, we applied them inside the Pro Server application under the correct group.
Pro Server Application – SSO Credentials Form
The final step in connecting the group to the Entra app was to configure the DriveWorks Live Integration Theme config file. Again, following the online DriveWorks help file we set the keys generated from the Entra app in the DriveWorksUserConfig.xml file.
While still only changing the development environment, the group was connected to the Entra app, the next task was to map the users. This is done inside the Pro Server application itself on the “SSO Credentials” form. Working our way down our company staff list alphabetically we mapped every DriveWorks user to the corresponding Entra user by simply selecting and saving users from the list. We were cautious performing this mapping as we did not want a situation where an Entra user was mapped to the incorrect DriveWorks user. For reassurance, we had a separate member of staff check the mappings. This did find one or two incorrectly mapped users – a helpful reminder, that it’s always a good idea to have a separate person check your work!
At this point, SSO was set up and ready to go for anybody accessing the group via DriveWorks Administrator. However, it is only a small group of administrator staff who access the group in this way. The majority of the DriveWorks team use the front-end website, powered by the Integration theme. So the final task was building a login experience into this website to allow for SSO login.
Our strategy was to take the example code from the corporate website example and implement it into our existing site. The corporate website example was updated in 21.1 to showcase how SSO login can be implemented. We did make a few stylistic/UX tweaks to better suit our website. However, overall the logic to implement SSO in the client site is very straightforward, in fact, the actual JavaScript code is a one-liner when using the JavaScript Client SDK (.loginSSO())
Lastly, we gave this feature a thorough round of testing amongst a range of different user accounts, across different browsers. Once we were happy the feature was robust and working as expected, we repeated the same process in production. Albeit, not re-writing the website code but instead pushing the code from the development site into production.
We have had the SSO login feature enabled in our Internal Project Group and intranet portal for a number of months now. The feature has streamlined the process for the Systems Team. Whilst there is an initial investment of work to set the feature up (as outlined above), the benefit of the investment is a more secure, maintainable and streamlined login experience. The day-to-day experience of all our staff is improved too. Instead of repeatedly typing in username and password to log into the site, it’s as simple as a one-click login.
SSO was an entirely new feature that launched with DriveWorks 21.0. In fact, it is only the 2nd login method added to a group in all of DriveWorks software history! Adopting the feature internally as well as engaging with DriveWorks Pro customers who have adopted the feature, we have learned from these experiences and have used the release of DriveWorks 21 Service Pack 1 to make the overall feature more robust. Now looking to the future we plan to improve the experience with better reporting, tooling and assistance when setting up SSO. Watch this space!
We are really interested to hear from anybody who is happy to share their own DriveWorks-SSO story, get in touch using our contact form or post in the MyDriveWorks Forum.
Guest Author: Jake Lawley DriveWorks Systems Team Manager
Automating everything is Jake’s goal – at DriveWorks, and in his personal life. Jake has a background in Computer Science, spent his internship at DriveWorks in the Technical Team, and now heads up our Systems Team. Jake has used DriveWorks software to automate most of our business processes and systems at DriveWorks. He has built our KPI system, which displays metrics and information around our offices to keep us all informed. When he’s not automating, he’s usually out running.
Join Us at DriveWorks World 2024 to Learn More About How We Use Our Own Software at DriveWorks
Have you registered for DriveWorks World 2024? DriveWorks World is a value-added virtual event, hosted by DriveWorks experts. It’s a celebration of innovation, knowledge sharing, and technical expertise free for DriveWorks Customers with Active Subscription, Resellers, and Partners to attend. Our team of DriveWorks Technical Experts will be hosting a number of sessions designed to explain how we use the functionality in DriveWorks in our own Projects.
