Set up for Microsoft, MFA and Case Manager
You can now log in to Case Manager with your Microsoft Azure account, which provides the extra convenience and security of single sign-on (SSO) and multi-factor authentication (MFA).
SSO is an authentication scheme that allows a user to sign in with a single login to a number of related, but independent programs.
With multi-factor authentication (MFA) the user must provide more than one proof of their identity before getting access to the system.
Here the two pieces of evidence required are:
- You must type in your User ID and password
- You must provide confirmation via an authenticator app on your mobile phone
There are two components of the setup process:
- Setting up your Case Manager system to offer login with Microsoft Azure accounts.
- Each user needs to confirm that they can access their Microsoft Azure account, that it's connected to Case Manager and is set up for MFA.
This done by the system administrator, see below at Set up Connections.
See the instructions immediately below.
The diagram shows the steps involved. You will already be at one of the five stages. Simply determine where you are and follow the rest of the steps.
Here you simply have to confirm that you already have a valid Microsoft Azure AD account. Check with your system administrator.
Then check that you can log in to Microsoft with your account credentials:
- your Azure AD email
- your Azure password
Go to https://myaccount.microsoft.com/ and check this.
- Confirm with the system administrator for your business that they have set up the connection between Case Manager and Azure AD accounts.
- Confirm that the Azure account ID entered in your Case Manager employee record by the system administrator is the account that you checked in Step 1.
They can check this by going to Case Manager, where they should see the Microsoft Sign in button at the login screen:
- If you have more than one Microsoft account you need to make sure that you are logged in with the account that the administrator has connected to Case Manager.
- When the administrator entered your Microsoft details in Case Manager, they changed your old Case Manager user ID to your Azure AD email address. Thus, you can no longer use your old Case Manager user ID.
See instructions at How do I change the account I'm logged in with? if required.
If for any reason you needed to log into Case Manager using the standard login method (the old method), the Case Manager username would now be your Azure email address and the password would be your old Case Manager password. Note also that this login method may have been switched off altogether by the administrator.
Download the Microsoft Authenticator app onto your mobile phone.
- Android phones
- Apple phones
Download and install it from the Play Store.
Download and install it from the App Store.
This is the most detailed step but it only has to be done once. It sets up the authentication relationship between your Azure AD account and the app on your mobile phone.
You will need your phone and a web browser on a separate computer.
- Go to https://myaccount.microsoft.com/ at the computer and sign in to your account (the one verified at Step 2 above).
- Click the additional security verification option in the Security Info panel.
- As your preferred option select Use verification code from app or token.
- Tick Authentication phone and enter your mobile phone number.
- Tick Authentication app or Token and click Set up Authenticator app.
You will now see configuration details for the mobile app.
- If you have followed the instructions on this page, you already have the Microsoft Authenticator app on your phone ().
- Open the Authenticator app and tap the + icon to add an account.
Then tap Work or school account.
Point your phone so that the QR code displayed in the configuration details at the web browser fits neatly inside the box:
If that doesn't work, enter the code underneath the picture of the QR code manually.
When the app displays a 6 digit code tap Next.
Volia! You're all done.
You can now Sign in with your Microsoft account from the Case Manager login screen.
This is done by the system administrator.
If your system is hosted by Chameleon Software
Go to the Security system settings by selecting Tools > Options and then click the Security tab.
- Click the Use Microsoft sign-in option.
- Enter approved domains in the Domain Whitelist area
- Click Setup.
Save your changes.
- At the Employee List change the User ID (username) for each user to their MS Azure AD account username.
Users can only enter Microsoft credentials if their username is an email address that includes a domain in this list.
This restricts the online credentials that can be used to log in to Case Manager.
In the unlikely event that the following error message appears when you save, do not be alarmed:
This is a simple issue and can be resolved with a quick phone call to Chameleon support.
- If you wish to setup your own Azure app you need to contact Case Manager Support for additional documentation.
When your system is not hosted by Chameleon Software
If your system is not hosted by Chameleon Software, contact us at Case Manager Support to assist you to set up the link.
Enter approved domains in the Domain Whitelist (2).
On completion, modify your employee records as described at step 5 above.
If you add the Azure Case Manager app using the Azure AD portal > Enterprise Applications, you need to grant consent for your company so that users can sign into Case Manager using the Azure AD App.
If this is not done, users entering their login details will see this error:
After the link has been set up:
- A system administrator who is logged in with their Microsoft credentials can untick the option to enable login with Case Manager local usernames and passwords.
This ensures that users can only log in to Case Manager using the Microsoft MFA.
If you want to retain both login options, users using the local login must enter their MS Azure AD account usernames with their Case Manager passwords.