SSO via Office 365
Use single sign-on via Microsoft Office 365 to log in to your Enginsight installation.
Last updated
Use single sign-on via Microsoft Office 365 to log in to your Enginsight installation.
Last updated
First, register Enginsight as a new APP in your Azure Active Directory. To do this, you can simply follow the step by step instructions from Microsoft.
As shown in the screenshot, add a redirect URL and complete it with your API domain.
After you have successfully registered Enginsight, you only need to add your clientId
, clientSecret
or clientCertificate
to the Enginsight configuration.
If you modify a configuration file on the application server, setup.sh must always be executed subsequently. Only then will the settings take effect.
Open the configuration file in an editor of your choice, for example nano.
In the "microsoftAuthenticationLibrary" section, enter the data from your Azure AD.
The scope
allows you to restrict the configuration to a specific AD domain. In most cases, no restriction will be necessary and you will not need to adjust the value.
You get the clientId
from your Azure AD, also called applicationId there.
The same applies to clientSecret
.
As an alternative to clientSecret
, you can also work with a clientCertificate
. Please follow the Microsoft documentation to issue a certificate.
The TENANT_ID is your Azure AD directoryId
Example of a correct configuration:
Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).
Open /opt/enginsight/enterprise/conf/ui-m1/environment.js
Enter the following line in the "var ENV = {" section:
Navigate to /opt/enginsight/enterprise
Please note that all users for whom the SSO is to take effect must first be created in the Enginsight app under Settings // Team members.
After successful setup, simply select the appropriate authentication method and log in with your mail address.