Enabling OIDC in Asset Bank
At this time, OIDC is not enabled by default. Please contact our Customer Support Team to enable this feature.
Once enabled, you will find the OIDC settings in the Config > System > SSO area of Asset Bank, along with the Sign-in Redirect URI and the Sign-out Redirect URI. Make a note of both of these for later.
Adding Asset Bank as an app in Entra
Sign in to the Microsoft Entra Admin Centre as an admin user for your organisation and click ‘App registrations’ in the left-hand menu.
From the top toolbar, click ‘New registration’.
Give the app a suitable name and select the account types you want to support. We recommend that you select ‘Accounts in this organizational directory only’.
Add the Sign-in Redirect URI that you obtained in the first section and set the Platform to ‘Web’. Click Register.
Setting up the Client Secret
Go back to the ‘App Registrations’ page in the left-hand menu. Under the ‘All applications’ tab, click the app you just registered. Here you will see your ‘Application (client) ID’ and your ‘Directory (tenant) ID’. Make a note of these for later.
On the App Registrations page, under ‘Manage’, click ‘Certificates & secrets’.
Then click ‘New client secret’.
Give it a suitable name and an expiry. Microsoft limits the expiry to a maximum of two years, with no notification that renewal is due, so be sure to create a new secret before the old one expires. You can have multiple secrets enabled in Entra, which should make the transition to the new secret seamless.
You’ll see your new Client Secret appear. Immediately note the Value (not the Secret ID), as it will only appear once.
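Because Entra gives no notification that a client secret is about to expire, a scheduled check can stand in for the missing reminder. The following is an added example, not part of Asset Bank or Microsoft tooling: it assumes you have already retrieved the app registration as JSON from Microsoft Graph (its passwordCredentials list with endDateTime values in UTC), and the sample data, function names and 60-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials part of a Microsoft Graph
# application object; the names, key IDs and dates are made up.
SAMPLE_APP = json.loads("""
{
  "displayName": "Asset Bank SSO",
  "passwordCredentials": [
    {"displayName": "assetbank-2023", "keyId": "00000000-0000-0000-0000-000000000001",
     "endDateTime": "2025-03-01T00:00:00Z"},
    {"displayName": "assetbank-2025", "keyId": "00000000-0000-0000-0000-000000000002",
     "endDateTime": "2027-02-01T09:30:00.1234567Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a UTC timestamp such as 2027-02-01T09:30:00.1234567Z, ignoring fractions."""
    head = value.rstrip("Z").partition(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(app, now, warn_days=60):
    """Classify each client secret and record whether a longer-lived one exists."""
    creds = [(c["keyId"], c.get("displayName") or c["keyId"],
              parse_graph_time(c["endDateTime"]))
             for c in app.get("passwordCredentials", [])]
    warn_at = now + timedelta(days=warn_days)
    report = []
    for key, name, end in sorted(creds, key=lambda c: c[2]):
        state = "expired" if end <= now else "expiring" if end <= warn_at else "ok"
        # A replacement is any other secret still valid beyond the warning window.
        covered = any(e > warn_at for k, _, e in creds if k != key)
        report.append({"name": name, "state": state,
                       "days_left": (end - now).days, "replacement_exists": covered})
    return report

def needs_action(report):
    """True when no secret remains valid beyond the warning window."""
    return not any(row["state"] == "ok" for row in report)

if __name__ == "__main__":
    today = datetime(2025, 2, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    rows = secret_status(SAMPLE_APP, today)
    for row in rows:
        print(row)
    print("create a new secret now:", needs_action(rows))
```

A replacement secret in Entra only takes effect once its Value has been entered as the Client Secret in Asset Bank.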
Configuring Asset Bank
Go back to the Config > System > SSO area of Asset Bank and click ‘Edit these settings’ at the bottom of the page.
Set the Authority URL as https://login.microsoftonline.com/{tenant}/v2.0 where {tenant} is your ‘Directory (tenant) ID’.
Set the Client ID as your ‘Application (client) ID’ and your Client Secret as the Value of the client secret.
Leave the Logout redirect URL as the default unless you wish to direct users away from Asset Bank when they log out.
You can add the IDs of any Asset Bank groups that users should be automatically added to when they log in via OpenID Connect.
Testing and Enabling
Before you enable OIDC for your users, you may wish to test it by visiting https://<your-base-url>/action/ssoAuthenticate?mode=manual, replacing <your-base-url> with your app's base URL. For example:
https://example.assetbank.app/assetbank-example/action/ssoAuthenticate?mode=manual
Once you've tested the login, you can enable it for your users, which will add a 'Login with SSO' option to your login page.