Example: How to set up Microsoft Azure login via OAuth2
Microsoft Azure is Microsoft’s public cloud platform. You can use the Azure AD to log into your ADITO account. Therefore, you need to authenticate via a OAuth2 to Microsoft, and a successful login will send a redirect to ADITO with the information of the user in the HTTP header.
From Azure AD you need the following information:
- Client ID
- Client Secret
- Tenant ID
The following Chapters will show you how to set up the login method.
Creating a new application
You need to generate an application to generate your needed data. Go to your https://portal.azure.com/#home > Azure Active Directory > app registrations > all applications.
Create a new application
Point 3 displays the redirected URI. This setting can be added/changed at a later time. The URI should look like this: https:/ADITOServer-Hostname:Port/client/login/oauth
Adding client secret
Add a "New client secret" and copy the value of the secret.
Adding users
After getting your client secret you need to add your users to the application.
#Configure your system
As mentioned above you need to create a separate alias for your system (see Chapter "OAuth2"). In there you have to enter your data of the application you just created.
The property "scope" is used to set the permissions of your application. For basic usage you can always use "https://outlook.office365.com/.default".
Create a loginList entry in your instance configuration of your system (Instance configuration > System > Client) and select the type "oauth2-authorizationcodeflow". Add the property "alias" and set the name of your created alias as the value of the property. Save and close the loginList property and select your entry above at the property "neonLoginTypeIds". Save your progress and restart your system.
You should now see the Microsoft login-button when you open the ADITO client and log in with your Microsoft credentials.