Configuring user login via MS Entra


Configuring user login via MS Entra


The application supports user login using accounts managed in Microsoft Entra ID (formerly Azure Active Directory). To use this functionality, manual configuration in the Microsoft Entra ID environment is required.

Configuring Microsoft Entra ID consists of the following steps:

  • Registering the application “NET Genium” at https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
    • portal.azure.com / App registrations
    • NET Genium as the application name
    • Finding the Application (client) ID, which is generated automatically when the application is registered
      • Application (client) ID
    • Setting the NET Genium redirect URL to https://{netgenium_url}/LoginByMicrosoft.aspx
      • portal.azure.com / App registrations / NET Genium / Authentication / Redirect URIs
    • Enabling access tokens
      • portal.azure.com / App registrations / NET Genium / Authentication / Implicit grant and hybrid flows / Access tokens (used for implicit flows)
    • Enabling ID tokens
      • portal.azure.com / App registrations / NET Genium / Authentication / Implicit grant and hybrid flows / ID tokens (used for implicit and hybrid flows)
    • Creating a client secret
      • portal.azure.com / App registrations / NET Genium / Certificates & secrets / New client secret
    • Setting API permissions for Microsoft Graph
      • portal.azure.com / App registrations / NET Genium / API permissions / Add a permission / Microsoft Graph
      • API name “Microsoft Graph – User.Read”, type “Delegated”


  • Creating the configuration file “MicrosoftOAuth.json”
    • Set the contents of the file to: “{"web":{"client_id":"Application (client) ID","auth_uri":"https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize","token_uri":"https://login.microsoftonline.com/organizations/oauth2/v2.0/token","client_secret":"client secret code"}}”, replacing “Application (client) ID” with the value found during registration and “client secret code” with the client secret created above
  • Procedure for debugging errors or when login stops working
    • Enable "To disk" or "To database and to disk" logging
    • Try logging in
    • Read the contents of the log file "NETGenium\Logs\Anonymous\{yyyy-dd-MM}\loginbymicrosoft.log"
    • Depending on the type of error recorded in "loginbymicrosoft.log":
      • Change the contents of the configuration file "MicrosoftOAuth.json"
      • Change the settings in Azure (typically an expired client_secret)
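A sanity check for the MicrosoftOAuth.json file described above, added here as an example and not part of the NET Genium product or manual. It assumes only the file layout shown (a "web" object with client_id, auth_uri, token_uri and client_secret); the GUID, endpoint and placeholder checks are assumptions about what a correctly filled-in file looks like, and the sample config uses constructed dummy values.

```python
import json
import re
from urllib.parse import urlparse

# Entra ID issues Application (client) IDs as GUIDs.
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Values that survive unchanged when the template from the manual is not filled in.
PLACEHOLDERS = {"application (client) id", "client secret code", ""}
REQUIRED = ("client_id", "auth_uri", "token_uri", "client_secret")

# Constructed sample with a dummy client ID and secret (not real credentials).
SAMPLE_CONFIG = json.dumps({"web": {
    "client_id": "00000000-0000-0000-0000-000000000000",
    "auth_uri": "https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize",
    "token_uri": "https://login.microsoftonline.com/organizations/oauth2/v2.0/token",
    "client_secret": "constructed-dummy-secret",
}})


def _endpoint_ok(url: str, suffix: str) -> bool:
    """True if url is an HTTPS Entra v2.0 endpoint ending in /oauth2/v2.0/<suffix>."""
    p = urlparse(url)
    return (p.scheme == "https"
            and p.hostname == "login.microsoftonline.com"
            and p.path.endswith("/oauth2/v2.0/" + suffix))


def check_config(text: str) -> list[str]:
    """Return the problems found in MicrosoftOAuth.json content; an empty list means it looks sane."""
    try:
        web = json.loads(text)["web"]
    except (ValueError, KeyError, TypeError):
        return ['file is not JSON with a top-level "web" object']
    if not isinstance(web, dict):
        return ['"web" must be a JSON object']
    problems = [f"missing key: {k}" for k in REQUIRED if k not in web]
    if problems:
        return problems
    if not GUID_RE.match(str(web["client_id"])):
        problems.append("client_id is not a GUID; copy the Application (client) ID from the portal")
    if str(web["client_secret"]).strip().lower() in PLACEHOLDERS:
        problems.append("client_secret still holds the template placeholder")
    if not _endpoint_ok(str(web["auth_uri"]), "authorize"):
        problems.append("auth_uri is not the HTTPS Entra v2.0 authorize endpoint")
    if not _endpoint_ok(str(web["token_uri"]), "token"):
        problems.append("token_uri is not the HTTPS Entra v2.0 token endpoint")
    return problems
```

Run check_config on the file contents before deploying; a non-empty result points at the same kinds of mistakes the loginbymicrosoft.log debugging procedure would otherwise surface after a failed login (it cannot detect an expired client_secret, which only the portal shows).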