When logging into our new authentication platform, customers that have previously used Azure Active Directory Single Sign-on Login (AAD SSO Login) will be asked to authenticate a new app called Quadrotech Platform.
Previous users of our Radar platform will have authenticated the Office 365 Reports app at an earlier time. It may seem confusing that you are being asked to re-authenticate a new Azure app. However the re-authentication is intended and needed to support our new restricted permissions model. Of course it’s also the case that this is a new app, and from a Microsoft point of view the apps are completely separate.
In the coming months, our new Reporting, Delegation and Policy Control platform for Office 365 will be launching which is the successor to Quadrotech’s Radar Reporting for Office 365 and Autopilot products. This new platform uses a set of much more granular Azure AD Apps than the existing Radar Reporting app. The QTID app authorization is the first in that new restrictive set.
There are four options available to proceed:
Authorize the Azure App for yourself only
This will allow us to get the AAD Tenant details including the AAD Tenant ID, domain names, your name, and your email address (which we need to allow future AAD Single Sign-ins). This does not give Quadrotech access to your organization and does not allow us to obtain details of other users in your organization or access any data other than basic details for the user that is currently signing in.
Every user signing up to QTID and trying to use SSO will need to authorize the app.
Authorize the Azure App for your whole organization
When signing in, you will be asked to authorize the app for yourself, as per the previous option. However, you may also see the option to Authorize on behalf of the whole organisation. By doing so each user will not need to authorize the application. This also gives Quadrotech access to all users’ names and email addresses, but only for those that have already signed in to QTID.
You will only see this option if you have Office 365 rights to authorize on behalf of your organization.
Manually Authorize for the whole organization
Some organizations will be unable to authorize the application at QTID login for their whole organization or for individual users. This gives you two choices for manual authorization:
1) Login to QTID at https://id.quadro.tech. Select the Azure AD tab and click Provide Admin Consent in Azure AD to Quadrotech Login. You must specify a Global Administrator when using this method.
2) Use this explicit link to authorize the Azure AD app. You must use a Global Administrator account when using this link, as you are authenticating on behalf of your organization.
Do not authorize the app
In this case, you are unable to use AAD Single Sign-on to authenticate to the new Quadrotech platform and Radar. You can, however, set a legacy username and password to continue accessing the Quadrotech Platform. Radar’s own app authorization will not be affected.
Which of the types of authorization you grant to the application is ultimately your decision. However, the preferred method is to choose the option Authorize the Azure App for your whole organization. This means that as a Global Administrator you give the application the required permissions, and, all other users of our platform do not need to be prompted and do not need to be educated about the choices.
If you have any questions on app authorization, please do not hesitate to contact us: firstname.lastname@example.org.