Authentication with Microsoft Entra
Microsoft Entra is a cloud-based identity and access management service that enables single sign-on (SSO) for users. Infoveave supports Microsoft Entra integration using the OpenID Connect (OIDC) protocol.
Setup Microsoft Entra
- Create a new App Registration in Microsoft Entra Administration Center.
- Name the Application Infoveave
- Choose Supported account types as “Accounts in this organizational directory only”
- Redirect URI should be set to https://<infoveave-host>/External-Auth/<tenant>/OIDC-Callback
- Copy the Application (client) ID and Directory (tenant) ID
- Generate a new client secret and copy the value
Setup in Infoveave
- Go to Administration > Control Center > External Authentication
- Select Enable External Authentication
- Choose Microsoft Entra as the provider
- Enter the Application (client) ID, Directory (tenant) ID, and Client Secret
- In the User Mapping, select Email in User Field
- Enter unique_name as the claim in token
- Save the configuration
Integrate roles
- In Microsoft Entra, create App roles equivalent to roles in Infoveave
- Name the role based on what you find easy to manage
- Allowed Member types should be “Users and Groups”
- Value should be the role name in Infoveave
- Assign the roles to users
- In Infoveave, go to External Authentication
- Enable role mapping, select Role Name as Role Field
- Enter Role as the claim in token
Integrate User Context
User Context decides the user’s access to the data in Infoveave. User Context can be set based on the user’s group in Microsoft Entra.
- In Microsoft Entra, navigate to Token Configuration
- Add Groups Claim to match the following
- Navigate to API Permissions
- Add the following permissions
- User.Read
- Group.Read.All (Application)
- Grant Admin Consent
- In Infoveave, go to External Authentication
- Enable User Context
- Enter groups as the claim in token for User Context
- Save the configuration
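To check that a token issued for the app registration carries the claims entered in the three mappings above (unique_name, Role, groups), this added example decodes a token payload and reports on each one. It is not Infoveave or Microsoft code. The function names and sample tokens are constructed, the payload is read without signature verification (diagnostics only), and it also flags the group overage case where Entra replaces groups with a _claim_names pointer.

```python
import base64
import json

# Claim names exactly as entered in the Infoveave External Authentication form on this page.
EXPECTED_CLAIMS = {"user": "unique_name", "role": "Role", "user_context": "groups"}


def decode_payload(jwt: str) -> dict:
    """Decode the JWT payload segment. No signature check: diagnostics only."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_claims(claims: dict, expected: dict = EXPECTED_CLAIMS) -> dict:
    """Return {mapping: status}; status is 'ok', 'missing', 'empty' or 'overage'."""
    report = {}
    for mapping, name in expected.items():
        value = claims.get(name)
        if value in (None, "", []):
            report[mapping] = "missing" if name not in claims else "empty"
        else:
            report[mapping] = "ok"
    # Entra omits the groups claim for users in too many groups and emits a
    # pointer in "_claim_names" instead, so User Context would receive no groups.
    ctx = expected.get("user_context")
    if report.get("user_context") == "missing" and ctx in claims.get("_claim_names", {}):
        report["user_context"] = "overage"
    return report


def _make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for offline testing."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample claims, not taken from a real tenant.
SAMPLE_OK = _make_token({"unique_name": "ana@example.com", "Role": ["Analyst"],
                         "groups": ["00000000-0000-0000-0000-000000000001"]})
SAMPLE_OVERAGE = _make_token({"unique_name": "bo@example.com",
                              "_claim_names": {"groups": "src1"}})

if __name__ == "__main__":
    for token in (SAMPLE_OK, SAMPLE_OVERAGE):
        print(check_claims(decode_payload(token)))
```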