Configuring OpenID Connect confidential client in Azure AD - HxGN EAM - 12.0.1 - Feature Briefs - Hexagon

HxGN EAM OpenID Connect


This section details the configuration required for creating an OpenID Connect client in Azure AD.

  1. Log in to the Azure Portal as a global administrator.

  2. Navigate to the App registrations section.

  3. Click on the New registration at the top to register an application.

  4. Provide an appropriate name and choose the appropriate account type.

  5. Under Redirect URI, select Web as the platform and provide a redirect URI. This could be something like <protocol>://<eam-server>/axis/services/EWSConnector. In the authorization code grant flow of OpenID Connect, this is the URI to which the user is redirected after authentication, together with the authorization code.

  6. Click the Register button to register the application. This generates the Client ID.

    Tip: Make note of the Client ID for later reference.

  7. Select Certificates & secrets link.

  8. Click the New client secret link to generate a new secret.

    Tip: Make note of the generated Client Secret value.

  9. Click API permissions in the menu on the left.

  10. Make sure that the User.Read permission of the Microsoft Graph API is added. If not, click Add a permission and add the User.Read permission of the Microsoft Graph API.

  11. Click the Grant Admin Consent for Default Directory. This allows the application to access the user information.

  12. Navigate to the Token configuration menu on the left.

  13. Click the Add optional claim link and select the Token Type as ID.

  14. Select the email, given_name and upn check boxes from the list of claims, and then click the Add button at the bottom.

  15. Select the Turn on the Microsoft Graph email, profile permission check box, and then click Add.

  16. Go to the API permissions menu, and then select Grant Admin Consent for Default Directory to grant admin consent for the newly added permissions.

  17. Go to the Overview menu, select Endpoints and copy the OpenID Connect metadata document URL. Replace the string common with the directory ID of the application. The directory ID can be found in the Overview menu.

    So, if the OpenID Connect metadata document URL is https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration and the directory ID is bdaf5531-791a-46ca-8200-574f909, the metadata URL will be https://login.microsoftonline.com/bdaf5531-791a-46ca-8200-574f909/v2.0/.well-known/openid-configuration.
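The following added example (not part of this feature brief or of HxGN EAM itself) shows what a confidential client does with the values collected above: it derives the tenant-specific metadata URL from the common one as in step 17, refuses a discovery document whose issuer is not pinned to the directory ID (the common document carries a templated issuer, so a client that trusts it would accept ID tokens from any tenant), and builds the authorization request for the code grant using the redirect URI shape from step 5. The embedded discovery document, the client ID placeholder and the eam.example.com host are constructed for the example.

```python
import secrets
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed sample of the tenant-specific discovery document (only the fields
# this example reads; real documents carry many more).
TENANT = "bdaf5531-791a-46ca-8200-574f909"
SAMPLE_METADATA = {
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
}

def tenant_metadata_url(common_url: str, directory_id: str) -> str:
    """Step 17: swap the 'common' path segment for the directory (tenant) ID."""
    parts = urlsplit(common_url)
    segments = parts.path.split("/")
    if "common" not in segments:
        raise ValueError("metadata URL has no 'common' segment to replace")
    segments[segments.index("common")] = directory_id
    return urlunsplit(parts._replace(path="/".join(segments)))

def check_metadata(doc: dict, directory_id: str) -> dict:
    """Accept the document only if its issuer is pinned to our tenant; the common
    document advertises 'https://login.microsoftonline.com/{tenantid}/v2.0'."""
    expected = f"https://login.microsoftonline.com/{directory_id}/v2.0"
    if doc.get("issuer") != expected:
        raise ValueError(f"issuer {doc.get('issuer')!r} is not pinned to tenant {directory_id}")
    if "code" not in doc.get("response_types_supported", []):
        raise ValueError("authorization code flow is not advertised")
    return {k: doc[k] for k in ("authorization_endpoint", "token_endpoint", "jwks_uri")}

def build_authorization_url(authorization_endpoint: str, client_id: str,
                            redirect_uri: str, state: str, nonce: str) -> str:
    """Authorization request for the code grant. redirect_uri must match the
    registered value exactly; state and nonce are checked on the way back."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "scope": "openid profile email",
              "response_mode": "query", "state": state, "nonce": nonce}
    return f"{authorization_endpoint}?{urlencode(params)}"

if __name__ == "__main__":
    common = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
    print(tenant_metadata_url(common, TENANT))
    endpoints = check_metadata(SAMPLE_METADATA, TENANT)  # fetched over HTTPS in practice
    print(build_authorization_url(endpoints["authorization_endpoint"], "<client-id>",
                                  "https://eam.example.com/axis/services/EWSConnector",
                                  secrets.token_urlsafe(16), secrets.token_urlsafe(16)))
```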