Merchant User SSO AzureAD Setup

This article details the steps to configure the PXS and your Azure instance to support SSO.

Updated over 2 months ago

Overview

This article details the steps to configure the PXS and your Azure instance to support SSO. General information about SSO, such as user administration and login details, can be found in our Paytronix Customer SSO Guide.

NOTE: Organizations using Access Identity Unified Login cannot implement traditional SSO configurations, as Access Identity serves as the unified authentication system for all Paytronix products. If you are unsure if your organization uses Access Identity or SSO, please contact your IT administrator to confirm which authentication system your organization has implemented.

Setup

  1. Create Enterprise Application.

    Note: Since we are using OAuth, an enterprise application isn't strictly necessary. Creating one lets the application show on your SSO portal if you choose. If you do not care about it showing on the SSO portal, skip this section.

  2. Click on 'Create your own application'

    1. Name the Application per your preference. We will use ‘Paytronix’ in the examples.

    2. Ensure that the ‘Integrate any other application you don't find in the gallery (non-gallery)’ list item is selected.

    3. Click Create

    4. Go to Users and Groups and add the desired groups/users who can access the SSO

  3. Go to ‘App Registrations’

    1. Click All Applications

    2. Search for the name of the Enterprise Application that you created and click on it to open

  4. Go to Authentication

    1. Edit Web Redirect URL and enter the URL for the Paytronix Environment you are creating SSO for.

    2. Ensure that, under Implicit grant and Hybrid flows, ID tokens (used for implicit and hybrid flows) is checked.

    3. Check the Supported Account Type. In many situations you will just select Accounts in this organization only.

  5. Click on API permissions

    1. Click Add a permission and grant the following:

      Microsoft.graph.email
      Microsoft.graph.openid

    2. Click Grant admin consent for {application name} to allow all users to access the SSO with pre-approval, unless your corporate policy states otherwise.

    3. Paytronix matches the Email address in PXS to the OAuth claim field: email.

      By default, Azure does not pass the email claim. This is expected, as PXS will look up the email field with a secondary request. If you need to specify a custom field for the email address, you can add a custom claim and set the email claim to whichever field matches the Paytronix Email field.

  6. Click on Certificates and secrets

    1. Click New Client Secret and enter a description and an expiration period.

    2. Copy and save the value after you click Add. It will only show one time. You can always recreate a secret if you lose access.

    3. This secret will be required to be entered on the PXS side.

  7. Click on Overview

    1. Copy the Application (client ID)

    2. Click on Endpoints and copy the OpenID Connect metadata document URL


You should now have the following information and have Azure AD configured for SSO:

  1. Application Client ID

  2. Application secret

  3. OpenID metadata URL

These settings are needed within the PXS configuration to enable SSO.
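
Before entering the three values on the PXS side, you can sanity-check them offline. The script below is an added example, not Paytronix or Microsoft code; the function name and the sample tenant ID, URL and metadata document are constructed for illustration, and the URL layout assumes the public Azure cloud (login.microsoftonline.com).

```python
import json
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)
SHARED_TENANTS = {"common", "organizations", "consumers"}
BASE = "https://login.microsoftonline.com"

# Constructed sample data: the tenant ID below is a placeholder, not a real tenant.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_URL = f"{BASE}/{TENANT}/v2.0/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": f"{BASE}/{TENANT}/v2.0",
    "authorization_endpoint": f"{BASE}/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/{TENANT}/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
})


def check_sso_values(client_id, client_secret, metadata_url, metadata_json):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID")
    # The portal shows a secret Value and a Secret ID (a GUID); only the Value works.
    if not client_secret or GUID.match(client_secret):
        problems.append("secret is empty or looks like the Secret ID, not the Value")
    url = urlparse(metadata_url)
    tenant = url.path.strip("/").split("/")[0]
    if url.scheme != "https" or not url.path.endswith("/.well-known/openid-configuration"):
        problems.append("metadata URL is not an https OpenID Connect discovery URL")
    if tenant.lower() in SHARED_TENANTS:
        problems.append("metadata URL points at a shared endpoint, not your tenant")
    doc = json.loads(metadata_json)
    for field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(field, "")).startswith("https://"):
            problems.append(f"metadata has no https {field}")
    if tenant not in str(doc.get("issuer", "")):
        problems.append("issuer does not contain the tenant from the metadata URL")
    for scope in ("openid", "email"):
        if scope not in doc.get("scopes_supported", []):
            problems.append(f"scope '{scope}' is not advertised")
    if "id_token" not in doc.get("response_types_supported", []):
        problems.append("id_token response type is not advertised")
    return problems
```

Call check_sso_values with your own client ID, secret value, metadata URL and the JSON body saved from that URL; any returned message names the value to re-copy from the Azure portal.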