Microsoft Azure AD / Entra ID Authentication
The Microsoft Azure Entra ID provider allows authentication against an application created in the Azure management environment for i-net PDFC.
System Requirements
- An account at the Microsoft Azure Portal
Create an OAuth Application
- Log in to your Microsoft Azure Portal account
- Go to "App Registrations" in the sidebar or use the search
- Go to "New Registration"
- Register a new application
- The "Redirect URI (optional)" is important. It should be https://<External Visible URL>/login/azure, e.g. https://<your-server:port>/login/azure or https://<your-server>/pdfc/default.aspx/login/azure (if IIS is used). The type is required to be "Web".
The Client ID is obtained from the overview page and is called Application (client) ID there.
After creating the Application you need to create client secrets:
- Go to "Certificates & secrets" in the sidebar
- Go to "New client secret"
- Enter the requested information
- A new line will be generated in the table:
- Copy the Value, which is the Client Secret
Set up the Authentication
In the configuration manager web interface, you need to enter the Client ID and Client Secret that you received from the Microsoft Azure Application OAuth App.
If your application's type is Single Tenant only, you have to add the tenant's name in the configuration as well. Otherwise, leave it empty.
Roles and Groups
Groups and roles can be transferred to i-net PDFC from Azure. To accomplish this, a token configuration must be added to the application in Azure. Switch to the Token Configuration view and click on add group claim.
Now select which role type you would like to activate in the application. The type property has no relevance and can be left at the default value ID. Currently, you can only use security groups; directory roles are not supported.
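To check that the group claim configured above actually reaches the token, its payload can be inspected. The Python below is an added example, not code from i-net PDFC or its documentation; it assumes Entra ID's standard claim names (groups, _claim_names, hasgroups), runs on constructed sample tokens, and goes beyond this page by also covering the overage case, where Entra ID omits the group list for users in many groups.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_group_claim(token: str) -> dict:
    """Report what a token payload says about group membership.

    Diagnostic only: the signature is NOT verified here, so the result
    must never feed an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    claims = json.loads(b64url_decode(parts[1]))
    groups = claims.get("groups")
    if isinstance(groups, list):
        return {"status": "present", "groups": groups}
    # Overage: Entra ID leaves "groups" out of large tokens and signals it
    # through _claim_names/_claim_sources or a hasgroups flag instead.
    names = claims.get("_claim_names") or {}
    if "groups" in names or claims.get("hasgroups"):
        return {"status": "overage", "groups": []}
    return {"status": "missing", "groups": []}


def make_sample(payload: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(payload)}.c2ln"


# Constructed payloads; the group IDs are made-up placeholders.
WITH_GROUPS = make_sample({"sub": "user-a", "groups": [
    "00000000-0000-0000-0000-000000000001",
    "00000000-0000-0000-0000-000000000002"]})
OVERAGE = make_sample({"sub": "user-b", "_claim_names": {"groups": "src1"}})
NO_CLAIM = make_sample({"sub": "user-c"})

if __name__ == "__main__":
    for name, tok in [("with groups", WITH_GROUPS), ("overage", OVERAGE),
                      ("no claim", NO_CLAIM)]:
        print(name, "->", inspect_group_claim(tok))
```

A "missing" result means the token configuration step has not taken effect for that token; "overage" means the user is in security groups but the list was left out of the token.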