Basic Azure AD Config

Basic step-by-step tutorial for OAuth2 config with Azure AD

Prerequisites:

  • Simplicité instance with designer access
  • A test account in your Azure organization to test the login

1) New app registration

2) Register

3) Locate some of the endpoint data

NB: depending on the “supported account types” selected in step 2, your authorization and token URLs may or may not contain the tenant ID.

4) Generate and save secret

Warning: the secret value is shown only once, so make sure to copy it.

5) Authorize user on your app (add claims)

6) Add Azure as an Authentication Provider through the AUTH_PROVIDERS System Parameter

Customize with the values from the previous steps (blue question marks).

[
    { "name": "simplicite", "type": "internal", "visible": true },
    { 
        "name": "azuread", 
        "type": "oauth2", 
        "label": "Sign in with AzureAD (OAuth2)", 
        "client_id": "<REPLACE_CLIENT_ID>", 
        "client_secret": "<REPLACE_CLIENT_SECRET>",
        "authorize_url": "<REPLACE_AUTHORIZE_URL>",
        "token_url": "<REPLACE_TOKEN_URL>",
        "logout_url": "https://login.microsoftonline.com/common/oauth2/v2.0/logout",
        "userinfo_url": "https://graph.microsoft.com/oidc/userinfo",
        "userinfo_mappings": {
            "login": "email"
        },
        "sync": true,
        "visible": true
    }
]

7) Implement some group attribution

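PS: This step needs customization to fit your own scenario. As written, the hook below removes all existing responsibilities from every user who logs in through the azuread provider and grants DEMO_ADMIN instead.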

package com.simplicite.commons.Application;

import java.util.*;
import com.simplicite.util.*;
import com.simplicite.util.tools.*;

/**
 * Platform Hooks
 */
public class PlatformHooks extends com.simplicite.util.engine.PlatformHooksInterface {
	@Override
	public void preLoadGrant(Grant g) {
		// Only act on sessions authenticated through the "azuread" provider from AUTH_PROVIDERS
		if ("azuread".equals(g.getSessionInfo().getProvider())) {
			String userId = Grant.getUserId(g.getLogin());
			// Reset the user's groups, then grant DEMO_ADMIN: replace with your own attribution logic
			Grant.removeAllResponsibilities(userId);
			Grant.addResponsibility(userId, "DEMO_ADMIN");
			AppLog.info("Detected AzureAD login : " + g.getLogin() + " (" + userId + "). Forcing responsibilities.", null);
		}
	}
}
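A pre-deployment check for the AUTH_PROVIDERS value from step 6, as an added example that is not part of the original post or of Simplicité's own code. It flags placeholders left unreplaced, non-HTTPS endpoints, and a token_url that duplicates or disagrees with the authorize_url; the function names and the sample tenant ID and secret are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample: the tutorial's provider entry after an incomplete fill-in.
# The tenant ID and secret are made-up values.
TENANT = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
SAMPLE = json.dumps([
    {"name": "simplicite", "type": "internal", "visible": True},
    {"name": "azuread", "type": "oauth2",
     "client_id": "<REPLACE_CLIENT_ID>",
     "client_secret": "constructed-secret-value",
     "authorize_url": TENANT + "/oauth2/v2.0/authorize",
     "token_url": TENANT + "/oauth2/v2.0/authorize",
     "logout_url": "https://login.microsoftonline.com/common/oauth2/v2.0/logout",
     "userinfo_url": "https://graph.microsoft.com/oidc/userinfo",
     "userinfo_mappings": {"login": "email"}, "sync": True, "visible": True},
])
URL_KEYS = ("authorize_url", "token_url", "logout_url", "userinfo_url")

def tenant_segment(url):
    """Tenant ID (or 'common') from a login.microsoftonline.com URL, else None."""
    parsed = urlparse(url)
    parts = [s for s in parsed.path.split("/") if s]
    return parts[0] if parsed.hostname == "login.microsoftonline.com" and parts else None

def check_providers(raw):
    """Return findings for every oauth2 entry of an AUTH_PROVIDERS JSON string."""
    findings = []
    for prov in json.loads(raw):
        if prov.get("type") != "oauth2":
            continue
        name = prov.get("name", "?")
        for key in ("client_id", "client_secret") + URL_KEYS:
            value = str(prov.get(key, ""))
            if not value:
                findings.append(f"{name}: {key} is missing")
            elif "<REPLACE_" in value:
                findings.append(f"{name}: {key} still holds a placeholder")
            elif key in URL_KEYS and urlparse(value).scheme != "https":
                findings.append(f"{name}: {key} is not an https URL")
        auth, token = str(prov.get("authorize_url", "")), str(prov.get("token_url", ""))
        if auth and auth == token:
            findings.append(f"{name}: token_url is identical to authorize_url")
        t_auth, t_token = tenant_segment(auth), tenant_segment(token)
        if t_auth and t_token and t_auth != t_token:
            findings.append(f"{name}: authorize_url and token_url use different tenants")
    return findings

if __name__ == "__main__":
    print("\n".join(check_providers(SAMPLE)))
```

An empty result means none of these checks fired; it does not confirm that the client ID, secret, or claims configured in Azure are correct.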