CS

Configuring user login via MS Entra

Home / Support / Manuals / Administrator Guide /

Configuring user login via MS Entra

CS

NET Genium supports user login using accounts managed in Microsoft Entra ID (formerly Azure Active Directory). To use this functionality, manual configuration in the Microsoft Entra ID environment is required.

Microsoft Entra ID configuration

  • Application registration “NET Genium” at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
    • portal.azure.com / App registrations
    • NET Genium as the application name
    • Finding Application (client) ID which is automatically created when the application is registered
      • Application (client) ID
    • Setting NET Genium URL to https://{netgenium_url}/LoginByMicrosoft.aspx
      • portal.azure.com / App registrations / NET Genium / Authentication / Redirect URIs
    • Authorization access tokens
      • portal.azure.com / App registrations / NET Genium / Authentication / Implicit grant and hybrid flows / Access tokens (used for implicit flows)
    • Authorization Token ID
      • portal.azure.com / App registrations / NET Genium / Authentication / Implicit grant and hybrid flows / ID tokens (used for implicit and hybrid flows)
    • Creation client secret code
      • portal.azure.com / App registrations / NET Genium / Certificates & secrets / New client secret
    • Setting API permissions for Microsoft Graph
      • portal.azure.com / App registrations / NET Genium / API permissions / Add a permission / Microsoft Graph
      • API name “Microsoft Graph – User.Read”, type “Delegated

Obrázek.png

NET Genium configuration

  • Create a configuration file “MicrosoftOAuth.json
    • Set the contents of the file to: “{"web":{"client_id":"ID aplikace (klienta)Application(client)ID","auth_uri":"https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize","token_uri":"https://login.microsoftonline.com/organizations/oauth2/v2.0/token","client_secret":"client secret code"}}”

Debugging errors or in case of broken login

  • Enable "To disk" or "To database and to disk" logging
  • Try logging in
  • Parse the contents of the log file "NETGenium\Logs\Anonymous\{yyyy-dd-MM}\loginmymicrosoft.log"
  • According to the type of error described in the log file "loginbymicrosoft.log"
    • Change the contents of the configuration file "MicrosoftOAuth.json"
    • Change settings in Azure (typically client_secret expiration)