Configure your Exact products to use Microsoft Entra ID (Federated Identity)
This document describes how you can configure your Exact product(s) to use Microsoft Entra ID (Azure) for Federated Identity (FID).
Currently we support 2 protocols: SAML and OAuth.
Follow the steps below to configure Exact Synergy Enterprise, Exact Globe+ and/or Exact Lightweight Integration Server (ELIS) for FID:
Exact Synergy
- Navigate to the CAB folder within the Exact Synergy Enterprise installation folder.
- Start the application called: 'FIDConfigurator.exe'
- Click on the button: '...' and select the Exact Synergy Enterprise installation folder.
- At the option: 'Identity Provider' you should select the (default) option: 'Windows Azure Active Directory'.
- At the option: 'Protocol' you can select OAuth or SAML
OAuth option:
- At the field: 'Metadata' paste the metadata URL, which you can find on the Azure Portal: Microsoft Entra ID | App registration | Endpoints. Copy the URL value below: 'Federation metadata document'.
- The field: 'Authority' will automatically be filled.
- At the field: 'Client ID' you need to enter the 'Application (client) ID' of the Public App registration.
- At the field: 'Client ID (Web)' you need to enter the 'Application (client) ID' of the Web App registration.
- At the field: 'Client Secret' you need to enter the client secret created in the Web App registration in menu option: 'Certificates & secrets'.
- At the field: 'Resource' you need to enter the 'Application ID URI' value which can be found in the Web App registration you have created for Exact Synergy in menu: 'Expose an API'.
- The field: 'Allowed Audience' is filled in automatically.
- The field: 'Allowed Audience (Web)' is filled in automatically.
- The field: 'Authorize Endpoint' is filled in automatically.
- The field: 'Token Endpoint' is filled in automatically.
SAML option:
- At the field: 'Metadata' paste the metadata URL, which you can find on the Azure Portal: Microsoft Entra ID | App registration | Endpoints. Copy the URL value below: 'Federation metadata document'.
- The field: 'SAML Issuer Name' will automatically be filled.
- The field: 'Authority' will be filled in automatically.
- At the field: 'Client ID' you need to enter the 'Application (client) ID' of the Public App registration.
- At the field: 'App URI ID' you need to enter the 'Application ID URI' value which can be found in the Web App registration you have created for Exact Synergy in menu: 'Expose an API'.
- The field: 'Allowed Audience' is filled in automatically.
- The field: 'Realm' is filled in automatically.
- The field: 'Audience URI' is filled in automatically.
- The field: 'Thumbprint' is filled in automatically.
- The field: 'WS Fed Issuer' is filled in automatically.
For both protocols:
- The field: 'Reply' needs to be filled with the Exact Synergy URL ending with a slash (/).
- Click on the button: 'Generate'.
- Enter a username (UPN) of a user who can be authorized on Microsoft Entra ID and who does NOT have Multifactor Authentication (MFA) enabled. *
- Enter the password of the user and click on the button: 'Validate'.
- If everything is entered correctly you should see in the results window: 'Status: SUCCESS'.
Exact Globe+
- Navigate to the CAB folder within the Exact Globe+ installation folder.
- Start the application called: 'FIDConfigurator.exe'
- At the Products menu select the option: 'Exact Globe+'
- Click on the button: '...' and select the Exact Globe+ installation folder.
- At the option: 'Identity Provider' you should select the default option: 'Windows Azure Active Directory'.
- At the field: 'Metadata' paste the metadata URL, which you can find on the Azure Portal: Microsoft Entra ID | App registration | Endpoints. Copy the URL value below: 'Federation metadata document'.
- The field: 'SAML Issuer Name' will be filled automatically.
- At the field: 'Client ID' you need to enter the 'Application (client) ID' of the Public App registration.
- At the field: 'Resource' you need to enter the 'Application ID URI' value which can be found in the Web App registration you have created for Exact Synergy in menu: 'Expose an API'.
- The field: 'Allowed Audience' will be filled automatically.
- The field: 'Thumbprint' will be filled automatically.
- The field: 'Authority' will be filled automatically.
- At the optional field: 'Allowed Audience (Web)' you can enter the 'Application (client) ID' of the Web App registration.
- Click on the button: 'Generate'.
- Enter a username (UPN) of a user who can be authorized on Microsoft Entra ID and who does NOT have Multifactor Authentication (MFA) enabled. *
- Enter the password of the user and click on the button: 'Validate'.
- If everything is entered correctly you should see in the results window: 'Status: SUCCESS'.
Exact Lightweight Integration Server
- Navigate to the CAB folder within the Exact Synergy or Exact Globe+ installation folder.
- Start the application called: 'FIDConfigurator.exe'
- At the Products menu select the option: 'Exact Lightweight Integration Server'.
- Click on the button: '...' and select the Exact Lightweight Integration Server installation folder.
- At the option: 'Identity Provider' you should select the default option: 'Windows Azure Active Directory'.
- At the field: 'Metadata' paste the metadata URL, which you can find on the Azure Portal: Microsoft Entra ID | App registration | Endpoints. Copy the URL value below: 'Federation metadata document'.
- The field: 'SAML Issuer Name' will be filled automatically.
- At the field: 'Allowed Audience' you need to enter the 'Application (client) ID' of the Public App registration.
- The field: 'Thumbprint' will be filled automatically.
- At the field: 'Allowed Audience (Web)' you need to enter the 'Application (client) ID' of the Web App registration.
- The option: 'Authority' will automatically be filled.
- At the field: 'Client ID' you need to enter the 'Application (client) ID' of the Public App registration.
- At the field: 'Resource' you need to enter the 'Application ID URI' value which can be found in the Web App registration you have created for Exact Synergy in menu: 'Expose an API'.
- Click on the button: 'Generate'.
- Enter a username (UPN) of a user who can be authorized on Microsoft Entra ID and who does NOT have Multifactor Authentication (MFA) enabled. *
- Enter the password of the user and click on the button: 'Validate'.
- If everything is entered correctly you should see in the results window: 'Status: SUCCESS'.
* The FIDConfigurator does not support Multifactor Authentication (MFA)!
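
To cross-check the 'SAML Issuer Name' and 'Thumbprint' values that the FIDConfigurator fills in from the metadata URL, the following added Python example (not part of Exact's documentation or tooling) reads a federation metadata document and compares the configured values against it. It assumes the issuer corresponds to the document's entityID and the thumbprint is the SHA-1 hash of a published signing certificate; the function names and the sample XML are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

# Constructed sample shaped like a federation metadata document: the tenant ID
# and both "certificates" are placeholder bytes, not real values.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{_b64(b'constructed-cert-A')}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{_b64(b'constructed-cert-B')}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def read_metadata(xml_text):
    """Return (entityID, SHA-1 thumbprints of the published signing certificates)."""
    root = ET.fromstring(xml_text)
    thumbprints = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # encryption-only key, not used to sign tokens
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            thumbprints.append(hashlib.sha1(der).hexdigest().upper())
    return root.get("entityID"), list(dict.fromkeys(thumbprints))  # de-duplicated

def normalise(thumbprint):
    """Drop spaces, colons and invisible characters picked up by copy/paste."""
    return "".join(c for c in thumbprint.upper() if c in "0123456789ABCDEF")

def check_config(xml_text, issuer, thumbprint):
    """Compare the configurator's values with the metadata; return the problems found."""
    entity_id, published = read_metadata(xml_text)
    problems = []
    if issuer != entity_id:
        problems.append(f"issuer mismatch: metadata has {entity_id!r}")
    if normalise(thumbprint) not in published:
        problems.append("thumbprint is not a signing certificate in the metadata")
    return problems
```

Save the 'Federation metadata document' from the URL used above and pass its text to check_config together with the values shown in the configurator. The metadata can list more than one signing certificate, so the check accepts a match with any of them.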
Main Category: Attachments & notes
Document Type: Online help main
Security level: All - 0
Document ID: 31.637.653
Assortment: Exact Synergy Enterprise
Date: 21-08-2024