Azure AD authentication settings

Contents

  1. Registration and configuration of an application in Microsoft Azure Active Directory
  2. Configuring Microsoft Azure Active Directory authentication in Comindware Tracker

 

Registration and configuration of an application in Microsoft Azure Active Directory

Registering an application in Microsoft Azure Active Directory

In order to register an application in Microsoft Azure Active Directory , you need to go to the “ Azure Active Directory ” settings under your account at portal.azure.com . You need to go to the “ App registrations ” section and then click on “ New registration ”. Give your new application a name (“Comindware Tracker” would be a good, self-explanatory name), and specify your Comindware Tracker instance’s URI in the corresponding box.

Registered application in Azure Active Directory settings

Configuring a registered application in Microsoft Azure Active Directory

After registering an application in Microsoft Azure Active Directory , you need to open the “ Authentication ” section of the registered application’s settings. The URI you need to specify under “ Web” -> “Redirect URIs ” in this section is the web page users will be redirected to after logging in; that should be your Comindware Tracker URI (e.g. https://myserver.na1.comindware.net/ ). After doing that, you also need to check the “ ID tokens ” option under the “ Implicit grant ” tab.

Authentication section

As the next step, you need to configure the authentication token to include the users’ email addresses when they log in. To do that, go to the “ Token configuration ” section, then click on “ Add optional claim ”. In the window that pops up, select the “ ID ” token type, check the “ email ” claim and press “ Add ” to add it.

Token settings

User accounts in Microsoft Azure Active Directory

You need to make sure relevant user accounts are added to the Microsoft Azure user catalogue intended for authentication using OpenId Connect . This can be done under the “ Users ” section of Microsoft Azure Active Directory settings. On that page you can either import user accounts or create them manually. Keep in mind that the email addresses of the accounts you add should be the same as those configured for corresponding user accounts in Comindware Tracker.

User management in Microsoft Azure Active Directory

 

Configuring Microsoft Azure Active Directory authentication in Comindware Tracker

General settings

To configure user authentication via Microsoft Azure Active Directory in Comindware Tracker, you need to go to the Administration area and open the “ Azure Active Directory authentication ” tab. Here is an outline of the settings you can find there:

  • Enable authentication to Azure AD – activate/deactivate OpenId Connect (if disabled, users won’t see the button for authenticating with Azure AD at the logon screen);
  • Application (client) ID – enter the Application ID of the application you registered in Microsoft Azure Active Directory .
  • Directory (tenant) ID (DirectoryId) – enter the Directory ID of the application you registered in Microsoft Azure Active Directory .
  • Authority – this section is generated automatically in the format of: https://login.microsoftonline.com/{DirectoryId}/

Azure Active Directory authentication settings in Comindware Tracker

You can find the Application ID and the Directory ID in the Overview section of the registered application settings at portal.azure.com :

"Overview" section of the application

Configuring user accounts to use Microsoft Azure Active Directory authentication in Comindware Tracker

There are three authentication methods used for user accounts in Comindware Tracker: local, Active Directory and Azure Active Directory . Each user account can have just one of them enabled for it at one time. In order to enable the Microsoft Azure Active Directory authentication for a user account, you need to go to the Administration area , then to the Users tab, open the user account settings and pick the corresponding authentication method:

Selecting the authentication method for a user account

Attachments
There are no attachments for this article.
Feedback
Security Code
Related Articles
Adding Comindware to local Intranet makes it impossible to log in in Internet Explorer 8
Viewed 132 times since Wed, Dec 5, 2018

Functions
Viewed 129 times since Wed, Dec 5, 2018

How To Create a Workflow: Quick Start
Viewed 238 times since Wed, Dec 5, 2018

Mаndatory Fields
Viewed 285 times since Thu, Apr 9, 2020

Set the task assignee depending on parameters of the parent workflow task/doc
Viewed 132 times since Wed, Dec 5, 2018

Creating and managing a multi-level subtasks hierarchy
Viewed 125 times since Wed, Dec 5, 2018

About a Workflow
Viewed 263 times since Wed, Dec 5, 2018

Creating Transitions
Viewed 122 times since Wed, Dec 5, 2018

Assigning Responsible Persons
Viewed 203 times since Wed, Dec 5, 2018

List of tutorials
Viewed 573 times since Wed, Jul 15, 2020