Azure AD Authentication
Atria now has built-in support for Microsoft Azure AD authentication, which means that Atria users can now use Microsoft credentials to sign in to Atria. Microsoft Azure AD enables integration with many authentication and synchronization protocols. Atria uses the industry-standard OAuth 2.0 protocol for integration with Microsoft Azure AD.
OAuth is an open standard that apps can use to provide client applications with “secure delegated access”. It works over HTTPS and can authorize devices, APIs, servers, and applications with access tokens rather than passing credentials. Atria utilizes the Microsoft Authentication Library (MSAL) to acquire tokens from the Microsoft identity platform endpoint in order to authenticate users and access secured web APIs.
All you need to do to enable Microsoft Azure AD authentication in your Atria instance is to register Atria as an application in your Azure AD.
To provide an additional layer of security, you can also enable Multi-Factor Authentication on your Microsoft Azure AD. Microsoft Azure AD Multi-Factor Authentication supports different forms of verification, including Microsoft Authenticator App, OATH Hardware Token, SMS and Voice Call. For more granular control, you can enable conditional access policies in Microsoft Azure AD (may require an Azure AD premium subscription for users).
Atria has followed the Microsoft Standard App Branding Guideline for configuring the login option on the default Atria login page. You can customize the “Sign in with Microsoft” button using the newly introduced branding page. Add your custom CSS for the .azuread and .azuread img selectors, and the changes will apply to the “Sign in with Microsoft” button.
A key benefit for users who are already authenticated with Azure AD is a seamless sign-on experience to Atria: they will not be prompted again for credentials if they are already authenticated on the current computer/browser.
Microsoft Azure AD Differential Sync
In order to manage Azure AD and Office 365, Atria has a synchronization process which retrieves users from Azure AD and matches them into Atria. This can also be used for rapid on-boarding of new customers into Atria, and for ensuring that administrative changes made via Microsoft PowerShell are replicated back into Atria.
Prior to version 12.13, Atria could only execute a full sync between Azure AD and Atria to synchronize changes. This meant a query and comparison of all user objects in Azure AD with the records in Atria, for each tenant. This process can be slow and inefficient, which also makes it a time-consuming experience for Atria users.
Microsoft Azure AD Differential Sync was introduced in 12.13 to improve the user experience and performance of the sync. Atria now supports both full and differential syncs. Atria uses Microsoft Graph to execute a delta query that detects changes. The delta query enables Atria to discover newly created, updated, or deleted entities without performing a full read of the target resource with. A new setting called “Nightly Sync Mode” has been added to the Microsoft Azure AD Sync Policy Screen, which allows users to set the nightly sync operation to full or differential (the default option).
By default, Atria triggers a differential sync when a user manually syncs the tenant, but the sync mode can be changed to full sync by checking the full sync checkbox in Azure AD Sync.
Amongst many other improvements to logging, the Azure AD Sync screen has also been updated to show in the sync result grid whether a full or differential sync was executed.
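The following added example (not Atria's code) shows how a differential sync built on a Microsoft Graph delta query applies created, updated and deleted users to a local store, so that accounts removed in Azure AD are also dropped locally. The page contents, tokens and user records are constructed sample data, and fetch_page is a hypothetical stand-in for an authenticated Graph request.

```python
# Added example, not Atria code. PAGES is constructed sample data standing in
# for Microsoft Graph responses; nothing is sent over the network.
BASE = "https://graph.microsoft.com/v1.0/users/delta"
PAGES = {
    BASE: {
        "value": [{"id": "u1", "displayName": "Alice A", "accountEnabled": True},
                  {"id": "u2", "displayName": "Bob B", "accountEnabled": True}],
        "@odata.nextLink": BASE + "?$skiptoken=constructed-s1"},
    BASE + "?$skiptoken=constructed-s1": {
        "value": [{"id": "u3", "displayName": "Carol C", "accountEnabled": True}],
        "@odata.deltaLink": BASE + "?$deltatoken=constructed-t1"},
    BASE + "?$deltatoken=constructed-t1": {
        "value": [{"id": "u1", "displayName": "Alice Admin"},  # changed property only
                  {"id": "u2", "@removed": {"reason": "changed"}},  # soft-deleted user
                  {"id": "u4", "displayName": "Dan D", "accountEnabled": True}],
        "@odata.deltaLink": BASE + "?$deltatoken=constructed-t2"},
}

def fetch_page(url):
    """Stand-in for an authenticated GET to Microsoft Graph (hypothetical helper)."""
    return PAGES[url]

def delta_sync(store, url, fetch=fetch_page):
    """Apply one delta round to `store`; return (deltaLink to persist, summary)."""
    summary = {"created": [], "updated": [], "deleted": []}
    while True:
        page = fetch(url)
        for item in page["value"]:
            uid = item["id"]
            if "@removed" in item:  # deleted upstream: drop the local record
                if store.pop(uid, None) is not None:
                    summary["deleted"].append(uid)
            elif uid in store:  # merge, since unchanged properties may be omitted
                store[uid].update(item)
                summary["updated"].append(uid)
            else:
                store[uid] = dict(item)
                summary["created"].append(uid)
        if "@odata.deltaLink" in page:  # last page of this round
            return page["@odata.deltaLink"], summary
        url = page["@odata.nextLink"]  # more pages in this round

if __name__ == "__main__":
    users = {}
    link, first = delta_sync(users, BASE)    # initial round returns every user
    link, second = delta_sync(users, link)   # later round returns changes only
    print(first, second, sorted(users), sep="\n")
```

The returned deltaLink is what a sync job stores per tenant between runs; starting again from the base URL behaves as a full read.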
Unified branding experience
The Atria modern UI was introduced in 12.7. When combined with the older Atria system, the different UI and style systems required users to customize stylesheets in two different places. In addition, customizing some of the modern UI was not supported.
Atria 12.13 has an improved branding experience and provides full support for classic and modern UI customization. Now users can customize classic and modern UI elements and inject customized stylesheet elements in one place.
Many customers are not aware of the branding capabilities of Atria designed to support resellers and end-customer portal customization. Resellers can have their own branded Atria portal, and even customers are able to change the look and feel of the portal based on their own branding requirements.