Sign In with Microsoft

Sign In with Microsoft offers employees a streamlined, secure, and user-friendly way to access the Employee Portal using their existing Microsoft credentials. By replacing traditional login methods—such as employee numbers and separate passwords—with familiar credentials from services like Outlook, Xbox, OneDrive, Windows, or Office 365 work/school accounts, it simplifies access and eliminates password fatigue

This single sign-on (SSO) solution enhances productivity by reducing login friction, facilitating seamless integration with Microsoft tools, and strengthening security through centralized authentication and multi-factor authentication (MFA). It also minimizes IT support demands related to password resets and access issues, resulting in a smoother user experience and greater employee engagement with HR services.

How it works

The "Sign in with Microsoft" feature utilizes the Microsoft OAuth 2.0 protocol through the Microsoft Identity Platform and Entra ID (formerly Azure Active Directory)  to securely authenticate employee users. Rather than managing separate usernames and passwords, employees are redirected to Microsoft’s secure login page, where they sign in using their existing Microsoft account credentials.

Once Microsoft successfully verifies the user’s identity, HRPro receives the authenticated account details—typically the employee’s email address—and uses that information to grant access to the Employee Portal. This process ensures secure, centralized authentication while simplifying the login experience.

Enable the "Sign in with Microsoft" button

In Employee Portal Setup, General tab. Under the Login panel. In "Employee Portal Login Options", enable "Sign in with Microsoft".

Disable "Sign in with Microsoft" for individual employees

Admins can disable the "Enable Sign in with Microsoft" option for individual employees by navigating to Employee Master > EPortal tab, under the User Permissions and Roles panel.

The Email address used for login must be recorded in the Employee Master under either the 'Email' or 'Personal Email' fields to ensure successful authentication.

Employee Portal Log Screen

A button "Sign in with Microsoft" will appear on the login page. Users simply click the button on the login page and authenticate using their Microsoft Account credentials. 

The system verifies the email address in the Microsoft Account and matches it with the employee's email stored in the HRPro's Employee Master records. Once authenticated, users gain immediate access without needing to enter a separate password for the portal, making login quick and secure. 

The process is seamless and reduces login friction by leveraging Microsoft’s secure authentication infrastructure to achieve the Single Sign-On (SSO).

"Sign in with Microsoft" offers an alternative login method for the Employee Portal. When enabled, users can still access the portal using their usual User ID and Password in addition to signing in with their Microsoft account.

Requirements for using "Sign in with Microsoft" 

To enable secure "Sign in with Microsoft" authentication for the Employee Portal, specific technical and environmental requirements must be fulfilled.

Core Requirements

• HTTPS Enforcement: Access the Employee Portal exclusively via HTTPS to encrypt all data transmissions and protect against interception.

• Stable Internet Access: Reliable connectivity is essential, as the service relies on Microsoft's cloud-based authentication infrastructure.

Entra ID Configuration 

Register the Employee Portal application in Microsoft Entra ID (formerly Azure AD). Obtain and securely store the Client ID (Application ID) and Client Secret for OAuth 2.0 flows in EPortal.config. This setup supports secure token exchange for HRPro user sessions.

How to register EPortal in Entra ID 

For organizations that prefer to use their own Azure credentials, you must obtain a Microsoft API Client ID and Client Secret from your Azure Portal.

1. Sign in to https://portal.azure.com with a Microsoft Work or School account that has permission to create app registrations. 

2. Navigate to Microsoft Microsoft ID > View > App registrations > New registration, 

• Enter a name (e.g., "HRPro EPortal"), 

• Select supported account types (e.g., "Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g., Skype, Xbox)"), 

• Add your redirect URI (e.g., https://hrpro.yourdomain.com/EPortal/OidcCallback.aspx), and click Register.

• Copy the Application (client) ID from the Overview page—this is your Client ID.

3. Go to Certificates & secrets > Client secrets > New client secret, 

• Add a description (e.g., "EPortal Client Secret")

• Set an expiry (e.g., 12 months), and click Add. 

• Immediately copy the Value (not the Secret ID)—this is your Client Secret, as it won't be shown again.

More details can be found at:

• Register an application in Microsoft Entra ID🡕

EPortal Usage Notes

In the EPortal.config, add

​<add key="MicrosoftSignInClientID" value="xxxxx-xxxxx-xxxx-xxxx-xxxxx" />

<add key="MicrosoftSignInClientSecret" value="xxxxxxxxxxxx" />