
How do I switch to Microsoft 365 login for Scope?

By combining MS Entra ID and Scope credentials, you can manage users and their master data yourself. Keep full control over your internal password policies and benefit from secure multi-factor authentication (MFA).

How do I set up the integration?

Prerequisites:

You already have Microsoft 365 ready for your staff.

 

Current limitations:

  1. Migration is limited to one Microsoft tenant ID per Scope organization. This restriction is temporary and will be lifted in the future.
  2. By default, emails sent from Scope use the user's personal email address as set in their Microsoft 365 profile. This means that email composed within Scope is automatically sent from the email address that was used for MS 365. Users can manually select alternative sender addresses for their messages within Scope if needed.
  3. End users will need to remember their password from before the migration to access the Scope test system. This is a temporary solution, as access to the Scope test system will change.
  4. User IDs for the Scope Rest Webservices will not be migrated to Microsoft 365. This restriction is temporary and will be lifted in the future.

 

  1. Send us your Tenant/Organization ID, which you can find on the MS Entra ID overview page.
    Send us your information here:
    https://share.hsforms.com/1o62sARgQQYypWVDXO0K16g5c4nh
  2. We will do the required mapping and inform you. 
  3. Go to the Scope welcome page.
  4. Click the Sign in button, enter your Microsoft 365 account details, and confirm by clicking Next and Sign in.
    NOTE: Depending on your MS Entra configuration, it may be necessary to have admin rights to proceed. If you encounter an error message here, please talk to your administrator.
  5. Confirm the following messages by clicking the Accept button.
    You are authorizing Scope to log you in. 
  6. Once you return to the Scope welcome page, simply click on the "Launch App" button to access Scope. If you receive a warning message, proceed as follows:
    a) Check the box for Always allow
    b) Then click on open.
  7. Scope is loaded, and a login window awaits your input.
  8. Enter your usual Scope credentials here. This will establish the link between Microsoft 365 and Scope, and in the future the login will be automatic. 

Notes for MS Entra ID administrators

  • Any existing firewall must allow access to hostnames matching *.riege.com and to scopeidentityprod.b2clogin.com. To use the test environments, access to scope.riege.cloud and scopeidentityfat.b2clogin.com must be allowed in the same way. In addition, any existing security proxy that analyzes SSL-encrypted traffic must not interfere with the encrypted traffic to the Scope server instance (e.g. live-scope-abc.riege.com) or to the above-mentioned “b2clogin.com” hosts. Scope detects when the data stream has been decrypted for analysis and refuses to work.
  • All communication with these hosts takes place over HTTPS on port 443. We cannot provide IP addresses for the hosts, as these addresses are not under our control but are managed dynamically by Microsoft, depending on the location.
  • Once we have assigned your Tenant/Organization ID and enabled the login process, all users can log in only with their MS 365 credentials. Scope appears in the MS Entra ID Application Gallery and you can actively manage the users yourself. For example, it is possible to group the Scope users in one or more groups.
  • Scope does not require any special MS Entra permissions.
  • For more information about multi-factor authentication (MFA), please visit the Microsoft support pages.
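
To check the firewall and TLS inspection requirements from the administrator notes on a client machine, the following added example (not Riege's or Microsoft's code) opens a verified HTTPS connection to each named host on port 443 and reports who issued the certificate the client actually received. The BASELINE mapping is an assumption: issuer names you record yourself from a network without TLS inspection. The wildcard *.riege.com cannot be probed directly, so the page's example server name stands in for your own instance.

```python
import socket
import ssl

# Hostnames from the admin notes; live-scope-abc.riege.com is the page's
# example name, replace it with your own Scope server instance.
HOSTS = ["scopeidentityprod.b2clogin.com", "scopeidentityfat.b2clogin.com",
         "scope.riege.cloud", "live-scope-abc.riege.com"]
# Assumption: issuer names you recorded from a network without TLS inspection,
# e.g. {"scope.riege.cloud": "<issuer seen outside the proxy>"}.
BASELINE = {}

def issuer_org(cert):
    """Issuer organization (or common name) from an ssl getpeercert() dict."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "unknown"

def probe(host, port=443, timeout=5):
    """Open a verified TLS connection and return (status, detail)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "ok", issuer_org(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    except OSError as exc:  # DNS failure, refused, timeout, TLS reset
        return "blocked", str(exc)

def assess(status, detail, baseline_issuer=None):
    """Turn a probe result into a finding an administrator can act on."""
    if status == "blocked":
        return f"BLOCKED: no TLS session on port 443 ({detail})"
    if status == "untrusted":
        return f"CERT NOT TRUSTED: {detail}"
    if baseline_issuer and detail != baseline_issuer:
        return f"INSPECTED?: issuer '{detail}' differs from baseline '{baseline_issuer}'"
    return f"OK: issuer '{detail}'"

if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host}: {assess(*probe(host), BASELINE.get(host))}")
```

An issuer that names your own organization or proxy vendor, or that differs from the baseline, indicates that a security proxy is re-signing the connection and needs a bypass rule for that host.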