In order to configure AGR for Office 365 authentication, the following steps must be taken.
The AGR instance for the organization must be registered in the organization's Azure portal. According to Azure, all users in the organization's Azure Active Directory (Azure AD) will have access to AGR, but AGR will only permit users that are configured with Azure AD emails.
This documentation only covers the account type option “Accounts in this organizational directory only”.
Go to Azure Active Directory -> App registrations -> New registration
Please replace mydomain/agr with the host name and web app path of the relevant AGR deployment server and web app instance.
Azure generates several IDs for the application.
Please note the ones labeled below as AppId and Auth0Domain. These IDs need to be specified later in the web.config file of the AGR Web API.
Go to Azure Active Directory -> App Registrations -> Auth365Demo
Configure Client Secret
Go to Azure Active Directory -> App Registrations -> Auth365Demo -> Certificates & Secrets
Please generate a secret with the “New client secret” button and specify a description and an expiry time. There is only one chance to see and copy this secret: it can be copied right after it is created, but never again. The secret should be copied and kept somewhere safe until the AGR Web API is configured later on. A new secret must be generated if the secret is lost.
AGR uses v1 endpoints. Only one URI needs to be specified in the web.config file under the AGR Web API (TokenEndpoint). Please notice the underlined URI ending with “oauth2”. AGR automatically appends “authorize” or “token” to it where needed.
All settings for Office 365 authentication, apart from user settings, are in the web.config file under the AGR Web API. The only other settings are for each user.
<!-- value="true" configures AGR for Office 365 authentication -->
<add key="useO365Auth" value="true"/>
<!-- Azure: "application id" or "client id" (image 2) -->
<add key="AppId" value="e41010a9-f655-499a-955e-d48a60cbc9f4"/>
<!-- Azure: "tenant id" or "directory id" (replace text in green) (image 2) -->
<add key="Auth0Domain" value="https://sts.windows.net/c0f2769e-40f9-4677-baa7-682a05d076f5/"/>
<!-- Azure: "tenant id" or "directory id" (replace text in green) (image 4) -->
<add key="TokenEndpoint" value="https://login.microsoftonline.com/c0f2769e-40f9-4677-baa7-682a05d076f5/oauth2"/>
<!-- Azure: "client secret" (image 3) -->
<add key="o365Secret" value="n:px25HkpGSA?1e4LbJwS+lCuT[6Vech"/>
Normal AGR users are created in the AGR system but the user emails must match the email of the corresponding Office 365 user.
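The following is an added example, not code from AGR or this document: it reads the Office 365 appSettings shown above from a web.config, derives the v1 authorize/token URLs that AGR builds from TokenEndpoint, and applies the checks a relying party should make on an Azure AD v1 token before trusting its email claim (issuer equals Auth0Domain, audience equals AppId, not expired, email matches an AGR user). The claim-validation rules, the `upn`/`email` claim names and the placeholder IDs are assumptions, not AGR's own logic or the document's values.

```python
import time
import xml.etree.ElementTree as ET

# Constructed web.config fragment with placeholder tenant/app IDs (not real values).
WEB_CONFIG = """<configuration><appSettings>
  <add key="useO365Auth" value="true"/>
  <add key="AppId" value="00000000-0000-0000-0000-00000000aaaa"/>
  <add key="Auth0Domain" value="https://sts.windows.net/00000000-0000-0000-0000-00000000bbbb/"/>
  <add key="TokenEndpoint" value="https://login.microsoftonline.com/00000000-0000-0000-0000-00000000bbbb/oauth2"/>
  <add key="o365Secret" value="PLACEHOLDER-SECRET"/>
</appSettings></configuration>"""


def load_o365_settings(xml_text):
    """Collect the <add key= value=/> pairs of appSettings into a dict."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): e.get("value") for e in root.iter("add")}


def endpoints(settings):
    """AGR appends 'authorize' / 'token' to the single TokenEndpoint URI (v1 endpoints)."""
    base = settings["TokenEndpoint"].rstrip("/")
    return {"authorize": base + "/authorize", "token": base + "/token"}


def validate_claims(settings, claims, agr_user_emails, now=None):
    """Return (ok, reason_or_email) for a decoded v1 token payload.

    Assumed checks of a correct verifier; signature verification against the
    tenant's signing keys is assumed to have already succeeded.
    """
    now = time.time() if now is None else now
    if settings.get("useO365Auth") != "true":
        return False, "office365-auth-disabled"
    if claims.get("iss") != settings["Auth0Domain"]:      # tenant issuer must match
        return False, "issuer-mismatch"
    if claims.get("aud") != settings["AppId"]:            # token must be minted for this app
        return False, "audience-mismatch"
    if claims.get("exp", 0) <= now:                       # reject expired tokens
        return False, "expired"
    email = (claims.get("upn") or claims.get("email") or "").lower()
    if email not in {e.lower() for e in agr_user_emails}:  # must map to an existing AGR user
        return False, "no-matching-agr-user"
    return True, email
```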