KATS Platinum supports AD Integration. Should your agency wish to have implement AD support, have your IT personnel contact our support team for assistance with installation.
The logging in process for Azure AD users works as follows:
1) An admin is going to need to add the user in KATS as normal prior to them logging in. The email address and their KATS user group will need to be in KATS for the AD login to be accepted.
2) The users will need to navigate to a special login screen for their agency (e.g. https://katsonline.net/auth/your_agency, Note: this link will not work until we’ve set up the AD config on our end). The unique login URL identifies which AD service it should be asking for the login info.
a. If they mistakenly navigate to the normal KATS login page, it will ask them for their email and password as normal but when they click the login button they’ll proceed to step 3 below instead of being logged in (basically, the existing login page will still redirect them to the AD login, but it doesn’t know it needs to do that until after they’ve entered their email address, so there’s an extra step if they don’t use their customer specific login link).
3) This link will bring up Microsoft’s Azure AD (Office365) login page, and the AD servers will step them through the login.
4) When they’re done, if they’ve successfully logged in Azure will redirect them back to our servers with a login token, and they’ll be good to go.
The process to set up AD logins is as follows:
1) On our end, we need to provide them with a unique name for their configuration, which will be used in their URLs (e.g. your_agency)
2) Client’s IT logs into their Azure AD portal and configures permissions for KATS to request login credentials:
3) Navigate to https://portal.office.com/adminportal/home#/homepage
4) Click the Show All button
5) Click the Azure Active Directory button
6) Click the next Azure Active Directory button
7) Click the App registration button
8) Create a new application. The redirect URL needs to be set as https://katsonline.net/auth/your_agency/callback
9) Click the Add a certificate or secret button
10) The secret expires after a configured amount of time, so it’s important to keep track of when these are expiring so we can configure a new secret ID before it expires.
11) When the secret is saved, the client’s IT will need to get the secret ID before leaving the screen (it will be hidden when they return to the screen)
12) We also need the Client ID and Tenant ID from the application registration page
13) Once we have the Secret ID, Client ID, and Tenant ID, our KATS Platinum team will add the configuration to the website, and someone from your agency will then verify it’s working on their end.