SSO via Office 365

Use single sign-on via Microsoft Office 365 to log in to your Enginsight installation.

Register Enginsight in Azure AD

First, register Enginsight as a new APP in your Azure Active Directory. To do this, you can simply follow the step by step instructions from Microsoft.

How to register an app in Microsoft Entra ID - Microsoft identity platformMicrosoftLearn

As shown in the screenshot, add a redirect URL and complete it with your API domain.

After you have successfully registered Enginsight, you only need to add your clientId, clientSecret or clientCertificate to the Enginsight configuration.

Customizing the Enginsight configuration

If you modify a configuration file on the application server, setup.sh must always be executed subsequently. Only then will the settings take effect.

Open the configuration file in an editor of your choice, for example nano.

sudo nano /opt/enginsight/enterprise/conf/services/config.json

In the "microsoftAuthenticationLibrary" section, enter the data from your Azure AD.

"microsoftAuthenticationLibrary": [{
    "scope": "\\@.*",
    "clientId": "",
    "clientSecret": "",
    "clientCertificate": {
      "thumbprint": "",
      "privateKey": ""
    },
    "authority": "https://login.microsoftonline.com/<TENANT_ID>"
  }],

The scope allows you to restrict the configuration to a specific AD domain. In most cases, no restriction will be necessary and you will not need to adjust the value.

You get the clientId from your Azure AD, also called applicationId there.

The same applies to clientSecret.

As an alternative to clientSecret, you can also work with a clientCertificate. Please follow the Microsoft documentation to issue a certificate.

The TENANT_ID is your Azure AD directoryId

Example of a correct configuration:

"microsoftAuthenticationLibrary": [{
    "scope": "\\@.*",
    "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "clientSecret": "xxxxx~xxxxxxxxx.xxxxxxxxx",
    "authority": "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
  }],

Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).
Open /opt/enginsight/enterprise/conf/ui-m1/environment.js
Enter the following line in the "var ENV = {" section:

loginVia: ['ssoOffice365', 'usernamePassword'],


The entire script should now look like this:


module.exports = function (environment) {
  var ENV = {
    loginVia: ['ssoOffice365', 'usernamePassword'],
    hinting: true,
    modulePrefix: 'ngs-ui-m1',
    environment: environment,
    rootURL: '/',
    locationType: 'auto',
    recaptchaKey: '',
    EmberENV: {
      FEATURES: {}
    },

    APP: {}
  };

  ENV.apiDomain = '%%API_URL%%';
  ENV.onpremise = {
    version: 1
  };

  return ENV;
};

Navigate to /opt/enginsight/enterprise

sudo ./setup.sh

Please note that all users for whom the SSO is to take effect must first be created in the Enginsight app under Settings // Team members.

After successful setup, simply select the appropriate authentication method and log in with your mail address.

After successfully testing authentication via SSO, you can disable the standard login for your on-premises instance. To do this, proceed as follows:

Open the configuration file in an editor of your choice, for example nano.
```
sudo nano /opt/enginsight/enterprise/conf/ui-m1/environment.js
```
Change the third line to:
```
loginVia: ['ssoOffice365'],
```
Save the new configuration file (Ctrl+o) and confirm the save process. Close nano (Ctrl+x).
Navigate to /opt/enginsight/enterprise
```
sudo ./setup.sh
```

Previous2-Factor Authentication NextStorage Times

Last updated 4 months ago

Was this helpful?

hashtagRegister Enginsight in Azure AD

hashtagCustomizing the Enginsight configuration

hashtagLogin via Microsoft Office 365

hashtagDisabling the default login

Register Enginsight in Azure AD

Customizing the Enginsight configuration

Login via Microsoft Office 365

Disabling the default login