The Adaptiva Server supports using OIDC to log in with your IAM account. In the example below, we use Microsoft Entra ID (formerly Azure Active Directory) as the IAM provider. Other IAM providers (such as Okta) may also be used.
Note
If you have already enabled OIDC and will be upgrading to the 9.3 build, see the [Update OIDC Configuration after upgrade to build 9.3] section to update your configuration.
Before enabling OIDC on an Adaptiva Server, verify the following items:
- IAM provider supports OpenID Connect.
- Adaptiva OneSite Admin Portal can be accessed using a URL from a browser.
- TLS is enabled (by default). The URL begins with https://.
- Adaptiva Server is upgraded to 9.1 or 9.2.
Create an App Registration for your Adaptiva Server using the following steps:
- Log in to Microsoft Azure as a Global Admin or a delegate with App Registration permissions.
- Enter App Registration in the Search field at the top of the Welcome to Azure! dialog, and then select App registrations from the modal dialog that appears.
- Select New Registration.
- Enter a user-friendly Name for the application you are creating.
- Select the appropriate setting in the Supported account types section. Typically, you would select Accounts in this organizational directory only.
- Set up the URIs:
  - Select Select a platform. If using build 9.1 or 9.2, select Single-page application (SPA). If using build 9.3 or later, select Web.
  - Enter the Adaptiva OneSite Admin Portal URL as shown in the following example:
    https://AdaptivaServerFQDN[:PORT]/login/oidc-redirect
    The <AdaptivaServerFQDN[:PORT]> is the name and port used to log in to the Adaptiva OneSite Admin Portal.
- Select Register.
- If using build 9.1 or 9.2, add another URI using the following steps:
  - Select Authentication from the left pane.
  - Select Add URI in the Single-page application section.
  - Enter your Adaptiva OneSite Admin Portal URL into the respective field using the following format:
    https://AdaptivaServerFQDN[:PORT]/login/oidc-redirect/registration
  - Select Save.
- If the server is accessed using other names, besides the AdaptivaServerFQDN, create the pair of URIs for each name you use.
If using build 9.3 or later, complete the following steps:
- Select Certificates & Secrets on the far-left action pane.
- Select + New client secret, under Client secrets on the Clients & secrets page:
- Enter a description in the Description field on the Add a client secret dialog, and then select the appropriate expiration timeframe based on the security guidelines of your company.
- Select Add to return to the Clients & secrets page.
  Important
  There can only be two client secrets. You may delete or recreate secrets.
- Record the value of the secret to use in the Adaptiva OneSite Admin Portal. This secret value never displays again after you leave this page.
  Tip
  Create a reminder on your calendar to create a new App secret before the secret expires.
After creating and configuring the app registration for the IAM service, gather the details required to complete the integration in the Adaptiva OneSite Admin Portal.
- Select Overview in the left-side pane.
- Record the Application (client) ID and the Directory (tenant) ID.
- If using build 9.3 or later, record the Client Secret that you created.
- Continue to Create an OIDC Provider.
- Log in to the Adaptiva OneSite Admin Portal as a Super Admin.
- Select the icon on the upper right, and then navigate to Settings > Security > OIDC Providers. This opens the OIDC Providers workspace.
- Select +New to open a new OIDC Providers template, and then configure the following General Settings:
  - Enter a client-facing Name (such as Azure ID, Entra ID, or Okta ID) for the OIDC Provider, and then add a detailed Description.
  - (Optional) Add a logo for the OIDC provider.
    Note
    For best results, upload a PNG logo file that is a 65px by 65px square image.
- Scroll down to OIDC Settings and add the details provided by the Global Admin:
  - Enter the Tenant URL in the Authority field using the following format:
    https://login.microsoftonline.com/<tenantID>/v2.0
  - Enter the Application (client) ID in the Client ID field.
    Note
    The <tenantID> is the Directory (tenant) ID and the client ID is the Application (client) ID that can be found in the [Gather Integration Details for Adaptiva] section.
  - If using build 9.3 or later, use the following steps to apply the Client Secret that you received from the Azure Global Admin:
    - Select the Client Authentication Type dropdown menu, and then select Client Secret (Post).
    - Enter the Client Secret into the respective field.
- Select Save.
- Create and Invite a User to complete the user registration.
After creating the OIDC Provider, register users as an Adaptiva Administrator using the following steps:
- Log in to the Admin Portal as a Super Admin.
- Select the icon, and then navigate to Settings > Security > Administrators.
- Select +New to open the Administrator template.
- Create an Administrator account in the open template, using the following steps:
  - Add the following admin details in the Administrator Details section:
    - Select the Admin Type dropdown menu, and then select OpenID Connect.
    - Enter the email address for the user you are creating. The Admin Portal uses this address to send an email invitation to the user, and to match the user with their IAM service identity.
    - Select Browse under OIDC Provider, and then select the OIDC Provider you created.
  - Enter the first and last name of the user in the User Details section. Include any additional information on the user as needed.
  - Select Save.
- Select the More dropdown menu, and then select Invite to send an invitation email to the user. Refer to the account activation for information on what the invited user will see.
After receiving the invitation email, the user can complete the account registration using the following steps:
- Select Register Account in the email. This takes the user to the IAM service login page.
  Note
  If the user is not already logged in, the IAM prompts them to log in.
- Log out of the Admin Portal, and then relaunch the portal from your browser. The Adaptiva Login screen now lists the new login selection for the OIDC Provider.
- Select the new login selection to log into the Adaptiva portal using your IAM credentials.
If you have upgraded to build 9.3 or later and have already configured OIDC, the following steps must be completed by the Azure Global Admin or a delegate to update your configuration.
- Log in to the Azure Portal as a Global Administrator or with rights for App Registrations.
- Select App Registrations.
- Locate and select the App Registration created for Adaptiva.
- Select Authentication.
- Select the icon on the upper-right of the Single-page application section to delete all Redirect URIs.
- Select Delete to confirm the deletion.
Follow the steps in the [Create a Client Secret] section of this KB article.
The following steps must be completed by the Adaptiva Administrator:
- Log in to the Adaptiva OneSite Admin Portal.
- Navigate to Settings > Security > OIDC Providers.
- Select the OIDC Provider that you created.
- Select the Client Authentication Type in the OIDC Settings section, and then select Client Secret (Post).
- Enter the Secret you received from the Azure Global Admin into the Client Secret field. The Show Secret button appears after you enter the Secret into the Client Secret field.
- Select Save.
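The following Python check is an added example, not part of the original article or of Adaptiva's tooling. It compares an exported app registration against the per-build redirect URI and client secret settings described in this article. It assumes the registration is available as JSON in the shape of the Microsoft Graph application object (`spa.redirectUris`, `web.redirectUris`, `passwordCredentials`); the host name, dates, and the `audit` function are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: an app registration exported as JSON in the shape of the
# Microsoft Graph application object. Host name and dates are placeholders.
SAMPLE_APP = json.loads("""
{
  "spa": {"redirectUris": ["https://adaptiva.example.com/login/oidc-redirect"]},
  "web": {"redirectUris": ["https://adaptiva.example.com/login/oidc-redirect"]},
  "passwordCredentials": [
    {"displayName": "adaptiva-oidc", "endDateTime": "2025-07-01T00:00:00Z"}
  ]
}
""")

def audit(app, hosts, build, now, warn_days=30):
    """Check an app registration against this article's per-build settings."""
    legacy = build in ("9.1", "9.2")   # SPA platform; 9.3 or later uses Web
    paths = ["/login/oidc-redirect"]
    if legacy:
        paths.append("/login/oidc-redirect/registration")
    expected = {f"https://{h}{p}" for h in hosts for p in paths}
    spa = set((app.get("spa") or {}).get("redirectUris", []))
    web = set((app.get("web") or {}).get("redirectUris", []))
    have = spa if legacy else web
    findings = [f"missing redirect URI: {u}" for u in sorted(expected - have)]
    findings += [f"unexpected redirect URI: {u}" for u in sorted(have - expected)]
    findings += [f"redirect URI is not https: {u}"
                 for u in sorted(spa | web) if not u.startswith("https://")]
    if not legacy:
        # The upgrade steps delete every SPA redirect URI, so any left is stale.
        findings += [f"stale SPA redirect URI: {u}" for u in sorted(spa)]
        # Whole-second UTC timestamps, as in the sample above.
        ends = [datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
                for c in app.get("passwordCredentials", [])]
        live = [e for e in ends if e > now]
        if not live:
            findings.append("no unexpired client secret")
        elif max(live) - now <= timedelta(days=warn_days):
            findings.append(f"client secret expires within {warn_days} days")
    return findings

if __name__ == "__main__":
    now = datetime(2025, 6, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for finding in audit(SAMPLE_APP, ["adaptiva.example.com"], "9.3", now):
        print(finding)
```

Pass every name (and port, if any) used to reach the portal in `hosts`, since each name needs its own redirect URIs.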