SSO with OpenID Connect (MS Azure AD sample)

Document created by lscaburri Employee on Mar 26, 2019
Version 1

This document provides an overview of the configuration needed to set up an Azure AD application for SSO.

 

CONFIGURING OPENID CONNECT APPLICATION


To use BOARD SSO in the cloud with the OpenID Connect protocol, an application endpoint must be created in the IdP directory.
The following sample is based on Microsoft Azure AD.
The configuration must be done in the customer's Azure AD.
1) In the Azure Portal, go to the Azure AD page.
2) Click on the directory you need to grant access to.
3) From the main menu select: App Registration
4) From the button menu choose: New Application registration
5)

 


On the create page:
1. Choose an application name. Any name that easily identifies the application will do. Ex: Board Cloud.
2. Select Web app/API
3. Specify the URL of the BOARD cloud instance you would like to connect.
4. Click on the “create” button.

 


After the app is created you should see a page that lists the app details.
Take note of the Application ID; you will need to send it to BOARD support.

 

 

Open the settings page by clicking on the “settings” button.

 

 

Go to the Keys menu.
Under Password:
1. Type a description of the key.
2. Select the desired key duration from the drop-down list. Please note that if you choose 1 year or 2 years, you will be responsible for providing an updated key to BOARD once it expires.
3. Click on save.
A key will be generated and displayed under the Value column.
Copy this value and store it somewhere. You have to send it to BOARD Cloud Operations Support.

 


Set the Reply URL

 


Under settings, choose Reply URLs and change it according to the following standard:
https://cloudinstance-xx.board.com/identity/openid
Replace the host name part of the URL above with the name of your BOARD cloud instance.

 

ENABLE BOARD CLOUD INSTANCE FOR SSO

Once finished, send the Application ID and the generated key to BOARD Support in a ticket request; we will then activate the service for the SSO method.
On customer request, BOARD can disable the standard user and password authentication method.

 

ENABLE BOARD ON-PREMISE INSTANCE FOR SSO

The OpenID configuration file "openID.config" is usually located under "C:\Program Files (x86)\Board\Board WebApi Server\App_Data\config".
By default the configuration file is empty. Below is a standard configuration for AAD:

 

<openIDconfigurations>

    <add key="azureAD" caption="SSO Login" clientId="XXXXXXXXXXXXXXXXXXXX" clientSecret="XXXXXXXXXXXXXXX" authority="https://login.microsoftonline.com/XXXXXXXXXXXXXX"  redirectUri="https://myserver.board.com/identity/azuread/" postLogoutRedirectUri="https://myserver.board.com/" incomingClaimType="upn"/>

</openIDconfigurations>
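
As an added example (not BOARD's own tooling), the following Python check lints an openID.config entry before deployment: it flags attributes left as placeholders, non-https URLs, a redirectUri that is not among the Reply URLs registered in Azure AD, and a post-logout host that differs from the login host. The function name, the sample values and the same-host rule are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the page's template with made-up values and three mistakes.
SAMPLE = """<openIDconfigurations>
    <add key="azureAD" caption="SSO Login" clientId="11111111-2222-3333-4444-555555555555"
         clientSecret="XXXXXXXXXXXXXXX"
         authority="https://login.microsoftonline.com/contoso.example"
         redirectUri="http://myserver.board.com/identity/azuread/"
         postLogoutRedirectUri="https://other.example/" incomingClaimType="upn"/>
</openIDconfigurations>"""

REQUIRED = ("clientId", "clientSecret", "authority", "redirectUri",
            "postLogoutRedirectUri", "incomingClaimType")
URL_ATTRS = ("authority", "redirectUri", "postLogoutRedirectUri")


def lint_openid_config(xml_text, registered_reply_urls):
    """Return a list of findings for each <add> entry; an empty list means clean."""
    findings = []
    for entry in ET.fromstring(xml_text).iter("add"):
        key = entry.get("key", "?")
        for name in REQUIRED:
            value = entry.get(name, "").strip()
            # The template ships with runs of X; treat those as "not filled in".
            if not value or set(value.upper()) == {"X"}:
                findings.append(f"{key}: {name} is missing or still a placeholder")
        urls = {n: urlsplit(entry.get(n, "")) for n in URL_ATTRS}
        for name, url in urls.items():
            if entry.get(name) and url.scheme != "https":
                findings.append(f"{key}: {name} is not https")
        # Azure AD only redirects to a reply URL registered on the app (exact match).
        if entry.get("redirectUri") not in registered_reply_urls:
            findings.append(f"{key}: redirectUri is not a registered Reply URL")
        # Assumption: logout should land on the same host that handled login.
        if urls["redirectUri"].hostname != urls["postLogoutRedirectUri"].hostname:
            findings.append(f"{key}: postLogoutRedirectUri host differs from redirectUri")
    return findings


if __name__ == "__main__":
    registered = {"https://myserver.board.com/identity/azuread/"}
    for line in lint_openid_config(SAMPLE, registered):
        print(line)
```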
