The scope of this document is to provide an overview of the configuration needed to set up an Azure AD application for SSO.
CONFIGURING OPENID CONNECT APPLICATION
To use BOARD SSO in the cloud with the OpenID Connect protocol, an application endpoint must be created in the IdP directory.
The following sample is based on Microsoft Azure AD.
The configuration must be done in the customer's Azure AD.
1) In the Azure Portal, go to the Azure AD page.
2) Click on the directory you need to grant access to.
3) From the main menu select: App Registration
4) From the button menu choose: New Application registration
In the create page:
1. Choose an application name. The name can be any name that can easily identify the application. Ex: Board Cloud.
2. Select Web app/API
3. Specify the URL of the BOARD cloud instance you would like to connect.
4. Click on the “create” button.
After the app is created, you should see a page that lists the app details.
Take note of the Application ID; you will need to send it to BOARD support.
Open the settings page by clicking on the “settings” button.
Go to the Keys menu.
1. Type a description of the key.
2. Select the desired key duration from the drop-down list. Please note that if you choose 1 year or 2 years, you will be responsible for providing an updated key to BOARD once it expires.
3. Click on save
A key will be generated and displayed under the Value column.
Copy this value and store it somewhere. You have to send it to BOARD Cloud Operations Support.
Set the Reply URL
Under Settings, choose Reply URLs and change it according to the following standard:
Please note that you must replace the host name part (above in red) with the name of your BOARD cloud instance.
ENABLE BOARD CLOUD INSTANCE FOR SSO
Once finished, you have to send the Application ID and the generated key to BOARD Support with a ticket request; we will then activate the service for the SSO method.
On customer request, BOARD can disable the standard user and password authentication method.
ENABLE BOARD ON-PREMISE INSTANCE FOR SSO
The OpenID configuration file "openID.config" is usually located under "C:\Program Files (x86)\Board\Board WebApi Server\App_Data\config".
By default the configuration file is empty. Below is a standard configuration for AAD:
<add key="azureAD" caption="SSO Login" clientId="XXXXXXXXXXXXXXXXXXXX" clientSecret="XXXXXXXXXXXXXXX" authority="https://login.microsoftonline.com/XXXXXXXXXXXXXX" redirectUri="https://myserver.board.com/identity/azuread/" postLogoutRedirectUri="https://myserver.board.com/" incomingClaimType="upn"/>
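The following PowerShell check is an added example, not BOARD's own code. It reviews an azureAD entry like the one above before it goes live on the on-premise server. The function name Test-BoardOpenIdEntry and the <root> wrapper are assumptions made for this example, and the path check simply compares against the sample's /identity/azuread/.

```powershell
# Added example, not BOARD code. Checks one <add> entry of openID.config.
function Test-BoardOpenIdEntry {
    param([Parameter(Mandatory)][string]$EntryXml)

    # The page shows only the <add> element; <root> is a wrapper used for parsing here.
    $node = ([xml]"<root>$EntryXml</root>").DocumentElement.SelectSingleNode('add')
    if (-not $node) { return 'no <add> element found' }
    $findings = @()
    $uris = @{}

    # Every attribute of the page's sample entry must be present and non-empty.
    foreach ($name in 'key','caption','clientId','clientSecret','authority',
                      'redirectUri','postLogoutRedirectUri','incomingClaimType') {
        if ([string]::IsNullOrWhiteSpace($node.GetAttribute($name))) {
            $findings += "missing or empty attribute: $name"
        }
    }
    # The sample's XXXX placeholders must be replaced with the Application ID and key.
    foreach ($name in 'clientId','clientSecret') {
        if ($node.GetAttribute($name) -match '^X+$') { $findings += "placeholder left in $name" }
    }
    # All three URLs must be absolute and use https.
    foreach ($name in 'authority','redirectUri','postLogoutRedirectUri') {
        $u = $null
        if ([uri]::TryCreate($node.GetAttribute($name), [UriKind]::Absolute, [ref]$u) -and
            $u.Scheme -eq 'https') { $uris[$name] = $u } else {
            $findings += "$name is not an absolute https URL"
        }
    }
    # The authority must be the Azure AD login host followed by a real directory id.
    if ($uris.authority -and ($uris.authority.Host -ne 'login.microsoftonline.com' -or
            $uris.authority.AbsolutePath -match '^/X*$')) {
        $findings += 'authority is not a filled-in login.microsoftonline.com URL'
    }
    # redirectUri should follow the sample's path; logout should return to the same host.
    if ($uris.redirectUri -and $uris.redirectUri.AbsolutePath -ne '/identity/azuread/') {
        $findings += 'redirectUri path differs from the sample /identity/azuread/'
    }
    if ($uris.redirectUri -and $uris.postLogoutRedirectUri -and
        $uris.redirectUri.Host -ne $uris.postLogoutRedirectUri.Host) {
        $findings += 'postLogoutRedirectUri host differs from redirectUri host'
    }
    $findings
}

# The page's sample entry, unmodified, so the placeholder checks fire.
$sample = '<add key="azureAD" caption="SSO Login" clientId="XXXXXXXXXXXXXXXXXXXX" clientSecret="XXXXXXXXXXXXXXX" authority="https://login.microsoftonline.com/XXXXXXXXXXXXXX" redirectUri="https://myserver.board.com/identity/azuread/" postLogoutRedirectUri="https://myserver.board.com/" incomingClaimType="upn"/>'
Test-BoardOpenIdEntry -EntryXml $sample
```

Because clientSecret is stored in this file as plain text, it is also worth reviewing who can read the config folder on the server.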