Create 2 App registrations for using Federated Identity (FID) within Azure Entra ID
To use Federated Identity (FID) within Azure Entra ID, you need to create 2 App registrations (Web and Public) for Exact Synergy, Globe+ or Exact Lightweight Integration Server (ELIS).
We support 2 protocols: SAML and OAuth.
Follow the next steps to create the needed app registrations:
Step 1: Create the WEB app registration.
- Log in to the Azure Portal with an account with sufficient rights to create the app registrations.
- Navigate to Microsoft Entra ID and on the right menu, click on ‘App registration’.
Click on the button ‘+ New registration’ and provide a useful name, for example 'Synergy – Web'.
At the option ‘Select a platform’ choose Web.
Behind this option enter the URL of your Synergy environment (using HTTPS), for example https://synergy.company.com
- Click on the left menu on option: ‘Authentication’
Click on Add URI and add the following URL: https://[your Synergy url]/docs/SysFederatedLogin.aspx. In this example it would be: https://synergy.company.com/docs/SysFederatedLogin.aspx
Below ‘Implicit grant and hybrid flows’ enable option: ‘ID tokens (used for implicit and hybrid flows)’
Click on the Save button (below).
- If you want to use the OAuth protocol, you need to create a client secret. Click on the left menu item: ‘Certificates & secrets’
Click on the button: ‘+ New client secret’, provide a clear description, for example Client_secret, and at the Expires option select how long this client secret will be valid. Currently the maximum is 2 years.
This also means that after the selected period has expired, you need to create a new client secret.
Click on the Add button.
Copy and save the Value, because it is only shown now. If you return to this option, the Value is no longer fully visible and cannot be copied.
- Click on the left menu: ‘API permissions’ and click on the button: ‘✓ Grant admin consent for [name]’
- Click on the left menu: ‘Expose an API’ and click on the Add button behind: ‘Application ID URI’; this will generate an api://{guid}. You can leave it like this or enter your Synergy URL.
Click on the button: ‘+ Add scope’ and enter a useful scope name, for example user_impersonation. At the option ‘Who can consent?’ select Admins Only. Enter something in all display names and descriptions, because these are mandatory.
- You are now done configuring the Web App registration part.
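One way to re-check the finished Web registration against the settings from Step 1, and to notice a client secret before it expires. This is an added example, not Exact's or Microsoft's code. It assumes the registration has been exported as a Microsoft Graph application object; the function name check_web_registration, the 60-day warning window and all sample values are made up for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: a trimmed Microsoft Graph "application" object for the
# Web registration from Step 1. All values are made up for illustration.
SAMPLE_APP = json.loads("""
{
  "displayName": "Synergy - Web",
  "identifierUris": ["api://00000000-0000-0000-0000-000000000000"],
  "web": {
    "redirectUris": ["https://synergy.company.com/docs/SysFederatedLogin.aspx"],
    "implicitGrantSettings": {"enableIdTokenIssuance": true}
  },
  "passwordCredentials": [{"displayName": "Client_secret", "endDateTime": "2026-08-21T00:00:00Z"}],
  "api": {"oauth2PermissionScopes": [
    {"value": "user_impersonation", "type": "Admin", "isEnabled": true}
  ]}
}
""")

def check_web_registration(app, now, warn_days=60):
    """Hypothetical helper: return a list of findings (empty list = all checks passed)."""
    findings = []
    web = app.get("web", {})
    uris = web.get("redirectUris", [])
    if not any(u.lower().endswith("/docs/sysfederatedlogin.aspx") for u in uris):
        findings.append("no redirect URI ends in /docs/SysFederatedLogin.aspx")
    findings += [f"redirect URI is not HTTPS: {u}" for u in uris
                 if not u.lower().startswith("https://")]
    if not web.get("implicitGrantSettings", {}).get("enableIdTokenIssuance"):
        findings.append("ID token issuance is not enabled")
    if not app.get("identifierUris"):
        findings.append("Application ID URI is not set")
    scopes = [s for s in app.get("api", {}).get("oauth2PermissionScopes", [])
              if s.get("isEnabled")]
    if not scopes:
        findings.append("no enabled scope is exposed")
    findings += [f"scope {s['value']} allows user consent" for s in scopes
                 if s.get("type") != "Admin"]
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop any fractional seconds before parsing.
        end = datetime.fromisoformat(cred["endDateTime"][:19]).replace(tzinfo=timezone.utc)
        name = cred.get("displayName") or "(unnamed)"
        if end <= now:
            findings.append(f"client secret {name} has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret {name} expires in {(end - now).days} days")
    return findings
```

Call it with `datetime.now(timezone.utc)` as `now`; each returned string names one setting that differs from Step 1 or one secret that needs to be replaced.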
Step 2: Create the PUBLIC App registration.
- Click on the button ‘+ New registration’ and provide a useful name, for example Synergy – Public.
At the option ‘Select a platform’ choose ‘Public client/native (mobile & desktop)’.
Behind this option enter the URL of your Synergy environment (using HTTPS), for example https://synergy.company.com
- Click on the left menu on option: ‘Authentication’
Enable the option: ‘https://login.live.com/oauth20_desktop.srf (LiveSDK)’
Click on the Add URI link and add the following URL: ‘urn:ietf:wg:oauth:2.0:oob’
Go to section: ‘Allow public client flows’ and select Yes at ‘Enable the following mobile and desktop flows:’
- Click on the left menu: ‘API permissions’ and click on the button: ‘+ Add permission’. Find your Web App registration in either ‘My APIs’ or ‘APIs my organization uses’.
Enable the option you named when creating the Web App registration; in our example the name ‘user impersonation’ will be shown.
Click on the button: ‘Add permissions’
Click on the button: ‘✓ Grant admin consent for [name]’
- You are now done configuring the Public App registration part.
Main Category: Attachments & notes
Document Type: Online help main
Security level: All - 0
Document ID: 31.637.598
Assortment: Exact Synergy Enterprise
Date: 21-08-2024