top of page

Urbanise Facilities Management Update - March 2024

Urbanise is proud to announce the release of Single Sign On (SSO) for Microsoft Azure Active Directories.


Other changes in this release includes general security enhancements across the Urbanise FM platform.


The latest version of the FORCE mobile app and the Urbanise FM Customer Store app will be required for this update.


Changes to existing functionality in the Urbanise FM Operator Portal

The following changes have been made to existing screens and functionality to support SSO:

Changes to a user's session duration

When logged into the Urbanise FM operator portal or customer portal, the user's session will remain active for 30 days, after which they will be prompted to re-authenticate via the sign-in screen.

Customers with an integrated payment gateway will continue to experience a session of 15 minutes to maintain adherence to PCI (Payment Card Industry) requirements.


Changes to the login screen

The login screen in the operations portal has a new look, although the login process remains unchanged when using your existing username/password.


Changes to the Agent Details screen

The email address field will be phased out, and the username field must now contain a valid email address in the Agent Details screen. The following changes will be observed when updating and creating agent profiles:

  • When saving an existing agent's details where the username is not an email address, you will be prompted to update the username field to match the agent's email address. After saving a valid and matching email address in the username field, the Email field will be hidden in the agent's profile.


  • When saving an existing agent's details where the username was previously saved as an email address, the email address field will no longer display in the agent's profile.


  • When creating a new agent, the Email field will no longer be available, and a valid email address must be entered into the Username field.


Single Sign-On (SSO) - New feature

This update includes the ability to configure an Active Directory  (AD) domain to allow operator agents and customers to be authenticated via their Microsoft Azure Active Directory instead of the existing Urbanise username/password authentication.


The implementation of SSO will provide the following key benefits:

  • Enabling 2 Factor Authentication (2FA) configured through your Active Directory for enhanced security

  • Reduced need to remember multiple credentials, which increases security

  • Reduced time spent logging into the system and resetting passwords

  • Uniform authentication policies for your organisation

Adopting SSO in Urbanise FM

If you want to adopt SSO using your Microsoft Azure Active Directory, please review the points below and contact Urbanise Support to assist with configuration.

  • Multiple domains may be configured if required, for example user@domain.com and user@domain.com.au

  • When a domain has been configured, the changes to the login experience will be immediate. Therefore, we recommend you advise all operator agents and customers with a matching email address that they will need to use the Microsoft button to log into the platform after SSO is configured.


Changes to the Operator portal login experience when using SSO

When an Active Directory domain has been configured, the login screen will change as follows:


  • A new Microsoft button will be available underneath the existing login fields. When logging in with this option, an agent with an email address matching the domain will be authenticated via Microsoft and not Urbanise.



  • Agents authenticated via the external Azure Active Directory will no longer have the option to reset their password from the Urbanise FM login page, as all user security falls under the configured active directory (for example Microsoft).

  • Multi-factor Authentication is not managed by Urbanise, and is dependent on the Active Directory configuration.

  • The number of failed login attempts allowed is not managed by Urbanise, and is dependent on the Active Directory's rules.

Changes to the Agent Details screen when using SSO

After an Active Directory domain has been configured, the Agent Details screen will change as follows:

  • When an agent's email address matches the configured domain, the Login enabled checkbox to manage an agent's access to the platform will be replaced with the text 'Authenticated via external directory'.


  • When an agent is authenticated via an external directory as above, the Reset password button will not be available on the Agent Details screen.

  • If you plan on switching to SSO, you may update the usernames and email fields at any point to prepare for the changes. If you plan on switching to SSO, the username field must be updated with a valid email address from your Corporate Azure Active Directory.


Changes to the Customer Account Details screen when using SSO

After an Active Directory domain has been configured for customers, the settings for a Customer Account with an email address under the configured domain will no longer have the Reset Password option.


The Urbanise FM Customer Portal

  • When logged into the customer portal the user's session will remain active for 30 days, after which they will be prompted to re-authenticate via the sign-in screen.

  • Customers with an integrated payment gateway will continue to experience a session of 15 minutes to maintain adherence to PCI (Payment Card Industry) requirements.

  • When the Customer portal has been configured to use SSO, customers with an email address under the configured domain will be able to log into the portal using the Microsoft icon instead of their Username / Password.


The STORE mobile customer app

When SSO has been configured for the Customer portal, operators with an email address under the configured domain will be able to log into the STORE mobile app using the Microsoft button instead of their Username / Password.


The FORCE mobile workforce app

When SSO has been configured for the Operations portal, operator agents and supplier agents with an email address under the configured domain will be able to log into the FORCE mobile app using the Microsoft button instead of their Username / Password.



Other Changes in this update

When viewing the Job Details screen the Prepare Invoice option is now also available as a button, removing the need to use the drop-down.



Comments


bottom of page