SSO via Office 365

Use single sign-on via Microsoft Office 365 to log in to your Enginsight installation.

Register Enginsight in Azure AD

First, register Enginsight as a new APP in your Azure Active Directory. To do this, you can simply follow the step by step instructions from Microsoft.

As shown in the screenshot, add a redirect URL and complete it with your API domain.

After you have successfully registered Enginsight, you only need to add your clientId, clientSecret or clientCertificate to the Enginsight configuration.

Customizing the Enginsight configuration

If you modify a configuration file on the application server, setup.sh must always be executed subsequently. Only then will the settings take effect.

Open the configuration file in an editor of your choice, for example nano.

nano /opt/enginsight/enterprise/conf/services/config.json

In the "microsoftAuthenticationLibrary" section, enter the data from your Azure AD.

"microsoftAuthenticationLibrary": [{
    "scope": "\\@.*",
    "clientId": "",
    "clientSecret": "",
    "clientCertificate": {
      "thumbprint": "",
      "privateKey": ""
    },
    "authority": "https://login.microsoftonline.com/<TENANT_ID>"
  }],

The scope allows you to restrict the configuration to a specific AD domain. In most cases, no restriction will be necessary and you will not need to adjust the value.

You get the clientId from your Azure AD, also called applicationId there.

The same applies to clientSecret.

As an alternative to clientSecret, you can also work with a clientCertificate. Please follow the Microsoft documentation to issue a certificate.

The TENANT_ID is your Azure AD directoryId

Example of a correct configuration:

"microsoftAuthenticationLibrary": [{
    "scope": "\\@.*",
    "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "clientSecret": "xxxxx~xxxxxxxxx.xxxxxxxxx",
    "authority": "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
  }],

Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).
Open /opt/enginsight/enterprise/conf/ui-m1/environment.js
Enter the following line in the "var ENV = {" section:

loginVia: ['ssoOffice365', 'usernamePassword'],


The entire script should now look like this:


module.exports = function (environment) {
  var ENV = {
    loginVia: ['ssoOffice365', 'usernamePassword'],
    hinting: true,
    modulePrefix: 'ngs-ui-m1',
    environment: environment,
    rootURL: '/',
    locationType: 'auto',
    recaptchaKey: '',
    EmberENV: {
      FEATURES: {}
    },

    APP: {}
  };

  ENV.apiDomain = '%%API_URL%%';
  ENV.onpremise = {
    version: 1
  };

  return ENV;
};

Navigate to /opt/enginsight/enterprise

./setup.sh

Please note that all users for whom the SSO is to take effect must first be created in the Enginsight app under Settings // Team members.

After successful setup, simply select the appropriate authentication method and log in with your mail address.

Previous2-Factor Authentication NextStorage Times

Last updated 10 months ago

Was this helpful?

Register Enginsight in Azure AD

Customizing the Enginsight configuration

Login via Microsoft Office 365

Register Enginsight in Azure AD

Customizing the Enginsight configuration

Login via Microsoft Office 365