Description

Describes how to convert authentication from Lenovo ID to Microsoft Azure Active Directory (AD) Single Sign-On (SSO) for the ThinkSmart Manager portal. 

Microsoft Azure Active Directory (Azure AD) is a multi-tenant, cloud-based identity, and access management service. The Azure AD directory includes the tenant's users, groups, and apps and is used to perform identity and access management functions for tenant resources. Lenovo Portal allows user authentication through Azure AD.
To get set up, your organization needs to create a new app in Azure AD and Lenovo needs the following information:

• Application (client) ID
• Client Secret
• IDP Configuration file (OpenID Connect metadata)

Once shared with Lenovo, your company’s organization will be created, and Lenovo can share your Azure AD’s URI Redirect Link.

For more information on ThinkSmart Manager portal, ThinkSmart Manager mobile app, and the ThinkSmart Manager Service (TSMS), visit: ThinkSmart Manager platform.

Solution

1. In ThinkSmart Manager (portal.thinksmart.lenovo.com) portal, click user profile image and navigate to Organization Account.
   Note: This option is available only for Owners.
   
2. In Organization Account, from Authentication, click Change provider and follow the on-screen instructions.
   
   
3. Log in to Microsoft Azure (https://portal.azure.com/), and proceed to Manage Azure Active Directory.
   
4. Navigate to the app registration page and register the new app (client app) by clicking the New Registration. Redirect URL can be populated later when you receive this value in email/TSM dialog.
   
   • Once the new application is created, start collecting data that is required to change organization authentication type to Azure Active Directory:
   • Application (client) ID
     • Copy the Application (client) ID from the Azure Portal Application Overview page.
       
   • Client Secret
     • Create the new secret and copy the Client Secret value on Certificates & Secrets page.
       
   • OpenID Connect metadata
     • Navigate to Application Overview and open the Endpoints tray. Copy the OpenID Connect metadata document link, open it in the separate tab in browser, and download the page info to your computer. This becomes an IDP Configuration file that is required to change organization authentication type to Microsoft Azure.
       
5. In this window, enter Client ID and Client Secret, then upload IDP Configuration file and click Next.
   
6. Copy the Redirect URL. This is required during Azure Active Directory setup process within Microsoft Azure (https://portal.azure.com/).
   
7. Go to Apps Registration, open your app page.
8. Go to Authentication, and click Add a platform, select Web, enter Redirect URL and save changes. 
   
   
   
   Azure AD setup is complete.