Define settings for an Azure AD identity provider

Intergraph Smart Completions Installation (5.3.17)

To use Azure AD as the IdP for the API, you must update the following configuration files for the Smart Completions Smart API:

  • appsettings.json

  • sam.json

Some of the settings you only need to verify; others you will have to add or change.

Update appsettings.json

  1. Open the appsettings.json file.

  2. Make sure the Hexagon.SmartAPI > Services section has the correct properties and values, such as UriPrefix, ServiceId, ServiceAudience, and ServiceSecret. For example:

    "Hexagon.SmartApi": {
      "Services": [
        {
          "UriPrefix": "smartapi/v1",
          "ServiceId": "<Server_Application_Id>",
          "ServiceAudience": "<Server_Application_Id>",
          "ServiceSecret": "",
          "InstanceName": "Windows-Instance"
        },
        {
          "UriPrefix": "DataLake/v1",
          "ServiceId": "<Server_Application_Id>"
        }
      ]
    }

  3. In the OAuth section, set the Issuer and UserNameClaim properties. For example:

    "OAuth": {
      "Issuer": "https://login.microsoftonline.com/<tenant-Id>/v2.0",
      "UserNameClaim": "preferred_username"
    }

    Issuer is the Issuer URL. You can find the issuer URL in the Azure Portal, on the App registrations page. It uses the format <authentication-endpoint>/<tenant-id>/v2.0, where:

    • authentication-endpoint - Set to https://login.microsoftonline.com.

    • tenant-id - The directory instance (tenant ID) where the app registration was created. This value is used to redirect users to the correct Azure AD tenant, as well as to download the metadata needed to determine the signing keys and issuer claim value for the token.

Update sam.json

  1. Open the sam.json configuration file, under the SC > Client path.

  2. Update the TokenIssuers section as needed. For example:

    {
      "TokenIssuers": [
        {
          "TokenIssuerUri": "https://login.microsoftonline.com/<tenant-Id>/v2.0",
          "Id": "<Client-Id>",
          "Secret": "<Client-secret>",
          "IsInternal": "false",
          "Scope": ""
        }
      ]
    }

    Where:

    • TokenIssuerUri - The Issuer URI provided in the Azure AD app registration definitions.

    • Id - The Client ID provided by Azure AD.

    • Secret - The Client secret from Azure AD.

    • IsInternal - Must be set to false.

    • Scope - The scope definition based on permissions, roles, or other criteria.
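
The following Python check is an added example, not part of Smart Completions or its documentation. It verifies that appsettings.json and sam.json agree after editing and derives the OpenID Connect metadata address for the issuer. The GUID form of the tenant ID, the requirement that sam.json carry an entry for the same issuer as appsettings.json, and all sample values are assumptions.

```python
import re

# Issuer format given on the page: <authentication-endpoint>/<tenant-id>/v2.0.
# Assumption: the tenant ID is written as a GUID.
ISSUER_RE = re.compile(
    r"^https://login\.microsoftonline\.com/"
    r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}/v2\.0$", re.I)

def unset(value):
    """True for a missing or empty value, or a <placeholder> left from the docs."""
    return not value or "<" in str(value)

def check_idp_config(appsettings, sam):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    oauth = appsettings.get("OAuth", {})
    issuer = oauth.get("Issuer", "")
    if not ISSUER_RE.match(issuer):
        problems.append("OAuth.Issuer does not match <endpoint>/<tenant-id>/v2.0")
    if unset(oauth.get("UserNameClaim")):
        problems.append("OAuth.UserNameClaim is not set")
    for svc in appsettings.get("Hexagon.SmartApi", {}).get("Services", []):
        if unset(svc.get("ServiceId")):
            problems.append(f"ServiceId not set for {svc.get('UriPrefix')}")
    # Assumption: sam.json needs an entry for the same issuer as appsettings.json.
    entries = [t for t in sam.get("TokenIssuers", [])
               if t.get("TokenIssuerUri") == issuer]
    if not entries:
        problems.append("no TokenIssuers entry matches OAuth.Issuer")
    for t in entries:
        if str(t.get("IsInternal")).lower() != "false":
            problems.append("IsInternal must be false")
        problems += [f"TokenIssuers.{k} not set" for k in ("Id", "Secret")
                     if unset(t.get(k))]
    return problems

def metadata_url(issuer):
    """OpenID Connect discovery document that lists the signing-key location."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

# Constructed sample values (not a real tenant, application, or secret).
ISSUER = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0"
APPSETTINGS = {"Hexagon.SmartApi": {"Services": [{"UriPrefix": "smartapi/v1", "ServiceId": "app-1"}]},
               "OAuth": {"Issuer": ISSUER, "UserNameClaim": "preferred_username"}}
SAM = {"TokenIssuers": [{"TokenIssuerUri": ISSUER, "Id": "client-1",
                         "Secret": "constructed-secret", "IsInternal": "false", "Scope": ""}]}

if __name__ == "__main__":
    print(check_idp_config(APPSETTINGS, SAM) or "configuration is consistent")
    print(metadata_url(ISSUER))
```

To run it against the real files, load each with json.load and pass the resulting dictionaries to check_idp_config.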