Enabling Microsoft Single Single On for 3Shape Account

Enabling Microsoft Single Single On for 3Shape Account

19/06/2024

Registration with Microsoft Account


Customers with Azure Entra ID

  1. Ensure the prerequisites for Customers with Azure Entra ID are met (see Prerequisites for Customers with Azure Entra ID).
  2. Click "Sign in with Microsoft" button.
  3. Sign in with a desired Microsoft account.
  4. Accept requested permissions if the screen is present.
  5. Follow further instructions when you are redirected back to 3Shape Account.

Customers with Private Microsoft Accounts

  1. Click "Sign in with Microsoft" button.
  2. Sign in with a desired Microsoft account.
  3. Accept requested permissions.
  4. Follow further instructions when you are redirected back to 3Shape Account.

 

Enabling Single Sign-On for Existing Users


Customers with Azure Entra ID

  1. Ensure the prerequisites for Customers with Azure Entra ID are met (see Prerequisites for Customers with Azure Entra ID).
  2. Visit 3Shape Account Profile.
  3. Click "Sign in with Microsoft" button in Personal Settings.
  4. Enter the password for your 3Shape Account.
  5. Sign in with a desired Microsoft account.
  6. Accept requested permissions if the screen is present.

You will be redirected back to 3Shape Account profile and you will see a notification about successful pairing.

 

Customers with Private Microsoft Accounts

  1. Visit 3Shape Account Profile.
  2. Click "Sign in with Microsoft" button in Personal Settings.
  3. Enter the password for your 3Shape Account.
  4. Sign in with a desired Microsoft account.
  5. Accept requested permissions.
  6. You will be redirected back to 3Shape Account profile and you will see a notification about successful pairing.

Prerequisites for Customers with Azure Entra ID


As a prerequisite, ensure that you have enough privileges to create a new enterprise application. You need to be at least a Cloud Application Administrator.

  1. Go to enterprise applications -> Overview in Azure Portal.
  2. Click "Add new application."
  3. Search for "3Shape Account" application.
  4. Depending on how the enterprise application looks for you, some steps might vary.
    1. If the application has a "Create" button, click "Create" and proceed to step 10.
    2. If the application has a "Sign up with 3Shape account" button, click "Sign up with 3Shape account".
  5. You will be redirected to the 3Shape Account registration page. Click "Sign-in with Microsoft" button.
  6. Sign in with your Microsoft account that has at least Cloud Application Administrator role.
  7. You will be presented with the Permission request page.
  8. Accept the permissions (only your current user will be affected).
  9. Regardless of the result (whether the 3Shape account is created or you are presented with an error), proceed to step 10.
  10. Ensure you have 3Shape Account enterprise application installed.

Depending on your organizational setup for User Consent settings for Enterprise Applications, the next steps vary.

  1. Go to 3Shape Account enterprise application.
  2. Go to Permission settings and click "Grant admin consent for your organization name."
  3. You will be redirected to a permission request window.
  4. Accept the permissions.
  5. Your organizational users can now register new 3Shape Account using their organizational Entra ID accounts. Users that have pre-existing accounts can now enable single sign-on (see Enabling Single Sign-On for Existing Users).
  1. Go to Enterprise Applications -> Consent and Permissions -> Permission classifications tab.
  2. If you have User.Read, offline_access, openid, profile, and email permissions enabled, users can create and pair accounts.
  3. If you don't have some of the permissions, add the missing ones.
  4. If your organization's policy does not allow adding missing permissions, then continue as if your policy is set to "Do not allow user consent."
  5. Individual users, upon their first login via 3Shape Account application, will be presented with a consent screen that they must accept to proceed with account creation/login.

 

  1. Individual users, upon their first login via 3Shape Account application, will be presented with a consent screen that they must accept to proceed with account creation/login.

 

Troubleshooting


Enabling Single Sign-On for Existing Users

Users See Notification "We did not succeed to enable single sign-on"

Possible Reasons:

  1. The user did not accept required permissions during sign in to their Microsoft account.
  2. The user cannot proceed with Microsoft login due to missing permissions (applicable for Customers with Azure Entra ID only).

Solution:

Based on your organizational setting of Enterprise Application Consent Request settings, your users might experience different breakaway flows: Admin Consent Request is Enabled


A user logs in/registers a 3Shape Account using their Microsoft account but can't proceed and sees "Approval required."

  1. . Go to Enterprise Applications -> Admin Consent requests -> All.
    1. If 3Shape Account is there, approve the request and proceed to the next step.
    2. If there is no pending Admin Consent request for "3Shape Account," proceed to the Prerequisites for Customers with Azure Entra ID section.

Admin Consent Request is Disabled

A user logs in/registers a 3Shape Account using their Microsoft account but can't proceed and sees "Need admin approval."

  1. Ensure prerequisites are met (see Prerequisites for Customers with Azure Entra ID).

Admin Consent Request is Disabled

  1. The user logged in with a Microsoft account that has an email matching an already existing 3Shape Account.
    1. Solution: Follow the instructions in the section Enabling Single Sign-On for Existing Users.

Registration with Microsoft

Users See Notification "We did not succeed to enable single sign-on"

Possible Reasons:

  1. The user did not accept required permissions during sign in to their Microsoft account.
  2. The user cannot proceed with Microsoft login due to missing permissions (applicable for Customers with Azure Entra ID only).

Solution:

Based on your organizational setting of Enterprise Application Consent Request settings, your users might experience different breakaway flows: Admin Consent Request is Enabled


A user logs in/registers a 3Shape Account using their Microsoft account but can't proceed and sees "Approval required."

  1. Go to Enterprise Applications -> Admin Consent requests -> All.
    1. If 3Shape Account is there, approve the request and proceed to the next step
    2. If there is no pending Admin Consent request for "3Shape Account," proceed to the Prerequisites for Customers with Azure Entra ID section.

Admin Consent Request is Disabled

A user logs in/registers a 3Shape Account using their Microsoft account but can't proceed and sees "Need admin approval."

  1. Ensure prerequisites are met (see Prerequisites for Customers with Azure Entra ID).

End of Solution

  1. The user logged in with a Microsoft account that has an email matching an already existing 3Shape Account.
    1. Solution: Follow the instructions in the section Enabling Single Sign-On for Existing Users.

Was this article helpful?

Give feedback about this article