Users whose ManageBac accounts are associated with Microsoft or Azure Active Directory (AD) can enable Single-Sign-On (SSO) via those applications if enabled by the school's ManageBac administrator.
Via Settings > Integrations > Partners
An admin on your account can request to enable either Login with Office 365 or Login with Azure Active Directory by navigating to Settings > Integrations > Partners, and clicking on Microsoft Single Sign-on.
Click Request Integration and confirm Yes in the pop-up prompt, to confirm your school's interest in enabling this feature. Below you will also find an example of what this will look like for your users when they attempt to login to ManageBac via Microsoft or Azure AD.
Once clicked, the button will change to Waiting for Integration and your Account Manager will be in touch within 1 business day to confirm your interest in enabling single sign-on. You can also find instructions on the right-hand side to understand how to configure the integration.
Enabling Login with Microsoft and Azure AD
Once your subscription is confirmed, you can continue to configure enabling single sign-on with Azure Active Directory.
Step 1: Login to your Microsoft account
Login to Microsoft Azure and choose Azure Active Directory from the home screen.
Step 2: Add a new application
From the left panel navigate to App registration and click New registration.
Enter your Application Name (e.g. 'ManageBac - Faria International School'). Select Accounts in any organizational directory (Any Azure AD directory - Multitennant), then select Web for the Redirect URI and enter https://SUBDOMAIN.managebac.com/auth/azureactivedirectory in the field next to Web type (replace SUBDOMAIN with your school's ManageBac domain).
Click Register to create your application.
Note: Schools with managebac.CN domains encountering difficulties using the O365 SSO option since August 27, 2018, need to change the redirect URL from .com to .cn and complete.
Step 3: Enable on ManageBac
Logged in as an administrator on your ManageBac account, navigate to Settings > Integrations > Partners > Microsoft, select Edit to customise the integration.
From the Overview page copy and paste the Application (client) ID and Directory (tenant) ID into the Application (client) ID and Directory (tenant) ID fields on ManageBac.
Click Save Changes.
Step 4: Enable for Mobile Apps
Enable for iOS/macOS Apps
On the left panel of Microsoft Azure select Authentication, click Add a Platform and select iOS/macOS.
co.faria.mobilemanagebac as the Bundle ID, click Configure and click Done.
Enable for Android Apps
On the Authentication page, click Add a Platform and select Android.
co.faria.mobilemanagebac as the Package name,
zSYcr+Jl98M38cUv7Kq7kzsN38A= as the Signature hash, click Configure and click Done.
Step 5: Ensure Access Tokens & ID Tokens are enabled on Azure
Ensure that both Access Tokens and ID Tokens are enabled.
Step 6: Log in
Users who are using an Microsoft or Azure AD account as their ManageBac email will then be able to Sign-in with Microsoft on your school's ManageBac page.
Frequently Asked Questions
Will logging out of ManageBac log me out of my Microsoft account?
Please note that logging out of ManageBac will not log you out of your Microsoft account. Therefore, we recommend using this service from your personal computer. If using a shared computer, ensure you log out of Microsoft entirely before ending your session.
Does enabling Login with Microsoft create new accounts or change emails of users on ManageBac?
No, it allows users whose ManageBac account is already associated with Microsoft to log in using Single Sign-On.
If a student changes a password for their Microsoft account, will it instantly sync for Single Sign-On, or will it take some time?
No sync of passwords is needed for Single Sign-On.
Does the Microsoft account have to come from the school or can any user with an Microsoft account login as long as their ManageBac email is associated with Microsoft?
For Azure Active Directory, only users from the specified tenant for Microsoft can log in. For Microsoft alone, any accounts associated with Microsoft can log in using Single Sign-On as long as the email already exists on ManageBac.