In the Azure Active Directory administration center, go to the Enterprise applications section and select New application.
Then select Create your own business app instead of choosing an app from the gallery.
Then, in this enterprise application, declare the users who are permitted to use it.
Finally, declare the necessary OpenID permissions for this application from the application registrations (Active Directory->application registrations->All applications).
Then, preferably, have the administrator grant consent for these permissions so that users do not have to consent individually.
The application registration must now be finalized by declaring the Moovapps redirect URL. To do this, go to the application registrations (Active Directory->application registrations->All applications) and display All applications so that you can edit the enterprise application created previously. In the Authentication section, add a web configuration and declare the prod or preprod URL of Moovapps SSO there:
Product | Destination Uri |
---|---|
Team PROD | https://secure-auth.team.moovapps.com/tenant/auth/delegations/oauth2/callback |
Team PREPROD | https://secure-auth.team.preprod.moovapps.com/tenant/auth/delegations/oauth2/callback |
Visiativ Process | https://domain name/web app/navigation/openid-connect-redirect |
Where tenant is your tenant ID for Team, and https://domain name/web app/ corresponds to the base URL for mails in Administration->Process configuration.
Finally, you must create a secret (of the longest duration) for this application from the Certificates and secrets section.
Copy the secret value immediately after creating it, because it cannot be retrieved later (ignore the secret ID, which is not the secret).
Retrieve the Application ID (Client) and Directory ID (Tenant) from the application's Overview page in Azure (Active Directory->application registrations->All applications->Overview).
An Azure application for Moovapps SSO delegation must be created for each Azure tenant.
Transmit the collected information using the following link: Generate a URL containing sensitive information that is destroyed after it has been consulted
Information expected:
* secret value
* Application ID (client)
* Directory ID (tenant)
Send the generated link by email to the VISIATIV consultant.
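Before generating the link, the three values and the Team redirect URL can be checked locally. This is an added example, not Moovapps or Visiativ code; it assumes that Azure displays the secret ID as a GUID while the secret value is not GUID-shaped, and that a Team tenant ID is a single URL path segment. The tenant `acme` and all sample values are constructed.

```python
import re

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Team redirect URLs from the table above; {tenant} is the Team tenant ID.
TEAM_CALLBACKS = {
    "PROD": "https://secure-auth.team.moovapps.com/{tenant}/auth/delegations/oauth2/callback",
    "PREPROD": "https://secure-auth.team.preprod.moovapps.com/{tenant}/auth/delegations/oauth2/callback",
}

def team_redirect_uri(env, team_tenant):
    """Return the exact redirect URL to declare for Team PROD or PREPROD."""
    # Assumption: a Team tenant ID is a single path segment of these characters.
    if not re.fullmatch(r"[A-Za-z0-9._-]+", team_tenant):
        raise ValueError("Team tenant ID must be a single URL path segment")
    return TEAM_CALLBACKS[env].format(tenant=team_tenant)

def check_handoff(secret_value, application_id, directory_id):
    """Return the problems found in the three values; never echoes the secret."""
    fields = {
        "secret value": secret_value,
        "Application ID (client)": application_id,
        "Directory ID (tenant)": directory_id,
    }
    problems = []
    for name, value in fields.items():
        if not value or value != value.strip():
            problems.append(f"{name}: empty or has surrounding whitespace")
        elif name != "secret value" and not GUID.fullmatch(value):
            problems.append(f"{name}: not a GUID")
    # Assumption: Azure shows the secret ID as a GUID, the secret value is not one.
    if GUID.fullmatch(secret_value.strip()):
        problems.append("secret value: GUID-shaped, probably the secret ID")
    if application_id.strip().lower() == directory_id.strip().lower():
        problems.append("Application ID and Directory ID are identical")
    return problems

# Constructed sample values, not real identifiers or credentials.
SAMPLE_APP_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_DIR_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_SECRET = "Constructed~Sample.Secret_Value-0123456789"
SAMPLE_SECRET_ID = "99999999-8888-7777-6666-555555555555"

if __name__ == "__main__":
    print(team_redirect_uri("PROD", "acme"))
    print(check_handoff(SAMPLE_SECRET, SAMPLE_APP_ID, SAMPLE_DIR_ID))
    print(check_handoff(SAMPLE_SECRET_ID, SAMPLE_APP_ID, SAMPLE_DIR_ID))
```

The messages name the field at fault without printing its value, so the output can be pasted into a ticket without exposing the secret.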
Refer to the documentation explaining the configuration of authentication delegation for Team.
The settings are made in the Team configurator.
Setting up authentication delegation for Team
Refer to the chapter explaining the authentication delegation configuration for Process.
The settings are made in the administration of the server configuration (Settings tab).
Implementation of authentication delegation for Process