# SSO via Office 365 ## Register Enginsight in Azure AD First, register Enginsight as a new APP in your Azure Active Directory. To do this, you can simply follow the step by step instructions from Microsoft. {% embed url="" %} {% hint style="warning" %} As shown in the screenshot, add a redirect URL and complete it with your API domain. {% endhint %}
After you have successfully registered Enginsight, you only need to add your `clientId`, `clientSecret` or `clientCertificate` to the Enginsight configuration. ## Customizing the Enginsight configuration {% hint style="warning" %} If you modify a **configuration file** on the application server, **setup.sh** must always be executed subsequently. Only then will the settings take effect. {% endhint %} 1. Open the configuration file in an editor of your choice, for example nano. ``` sudo nano /opt/enginsight/enterprise/conf/services/config.json ``` 2. In the "microsoftAuthenticationLibrary" section, enter the data from your Azure AD. ``` "microsoftAuthenticationLibrary": [{ "scope": "\\@.*", "clientId": "", "clientSecret": "", "clientCertificate": { "thumbprint": "", "privateKey": "" }, "authority": "https://login.microsoftonline.com/" }], ``` The `scope` allows you to restrict the configuration to a specific AD domain. In most cases, no restriction will be necessary and you will not need to adjust the value. You get the `clientId` from your Azure AD, also called applicationId there. The same applies to `clientSecret`. As an alternative to `clientSecret`, you can also work with a `clientCertificate`. Please follow the Microsoft documentation to issue a certificate. The TENANT\_ID is your Azure AD directoryId **Example of a correct configuration:** ``` "microsoftAuthenticationLibrary": [{ "scope": "\\@.*", "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx", "clientSecret": "xxxxx~xxxxxxxxx.xxxxxxxxx", "authority": "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx" }], ``` 3. Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x). 4. Open /opt/enginsight/enterprise/conf/ui-m1/environment.js 5. Enter the following line in the "var ENV = {" section: ``` loginVia: ['ssoOffice365', 'usernamePassword'], The entire script should now look like this: module.exports = function (environment) { var ENV = { loginVia: ['ssoOffice365', 'usernamePassword'], hinting: true, modulePrefix: 'ngs-ui-m1', environment: environment, rootURL: '/', locationType: 'auto', recaptchaKey: '', EmberENV: { FEATURES: {} }, APP: {} }; ENV.apiDomain = '%%API_URL%%'; ENV.onpremise = { version: 1 }; return ENV; }; ``` 6. Navigate to /opt/enginsight/enterprise ``` sudo ./setup.sh ``` ## Login via Microsoft Office 365 {% hint style="info" %} Please note that all users for whom the SSO is to take effect must first be created in the Enginsight app under Settings // Team members. {% endhint %} After successful setup, simply select the appropriate authentication method and log in with your mail address. ## Disabling the default login After successfully testing authentication via SSO, you can disable the standard login for your on-premises instance. To do this, proceed as follows: 1. Open the configuration file in an editor of your choice, for example nano. ``` sudo nano /opt/enginsight/enterprise/conf/ui-m1/environment.js ``` 2. Change the third line to: ``` loginVia: ['ssoOffice365'], ``` 3. Save the new configuration file (Ctrl+o) and confirm the save process. Close nano (Ctrl+x). 4. Navigate to /opt/enginsight/enterprise ``` sudo ./setup.sh ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.enginsight.com/docs/manual/english/on-premises/configuration/sso-via-office-365.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.