Configure Azure AD to OpenID connect with Smart Materials Web - Version 2020 (10.0) - Hexagon

Smart Materials Web Installation (10.2)


As an alternative to OKTA, Microsoft Azure AD can be used as the OpenID Connect identity provider for Smart Materials Web.

Prerequisites

Have the HTTPS certificates been imported? More than one is needed, one for each of the following endpoints:

  • login.microsoftonline.com

  • https://graph.microsoft.com/oidc/userinfo

Download the root certificate from each of the above sites as described under:

Download HTTPS-Certificate from OKTA Server

Hint for known errors

If the certificates are not imported, the OpenID login fails and no log file is written.

Configuration

  1. Create an APP Registration at:

    https://portal.azure.com/#home

    ConfAzureAD01

  2. Click New registration to create a new registration.

    ConfAzureAD02

  3. On the Register an application page, type the Name, select the Supported account type that fits your company's needs, and click Register.

    ConfAzureAD03

  4. Note down your Application (client) ID; it is needed in the Smart Materials Web OpenID configuration.

    ConfAzureAD04

  5. On the left side bar menu under Manage, click Authentication, click Add a Platform and choose Web.

    ConfAzureAD05

  6. Fill in the Redirect URIs field with the callback URL of your Tomcat server:

    https://your.tomcatserver.com:8443/ords/apex_authentication.callback

  7. Select ID tokens and click Configure.

    ConfAzureAD06

  8. On the left side bar menu under Manage, click Certificates & secrets to add a new client secret for the OpenID configuration.

  9. Type a Description and select an Expires time that fits your company's needs.

    ConfAzureAD07

  10. Copy the value to your clipboard.

    This is the secret you need to enter on the OpenID configuration page in Smart Materials Web.

    The value is shown only once; if you do not copy it now, you must create a new secret.

    ConfAzureAD08

  11. On the left side bar menu under Manage, click API Permissions.

  12. Click Add a permission and select Microsoft Graph.

    ConfAzureAD09

  13. Select Delegated permissions and pick OpenId permissions > email, openid and profile.

    ConfAzureAD09

  14. On the left side bar menu under Manage, click App roles.

  15. Click Create app role, type the Display name, select Users/Groups from the Allowed member types options, type a Value and a Description.

    ConfAzureAD11

  16. Click Overview and Endpoints, and copy the OpenID Connect metadata document URL.

    ConfAzureAD12

  17. In Smart Materials Web, open the Administration > Open ID Administration page, and enter the Client ID (from step 4), the Client Secret (from step 10), and the Url (from step 16).

    ConfAzureAD13

    For more information see Open ID Configuration.