This article covers connecting the Foray ADAMS solution to an Azure Active Directory (AD) domain. This connection allows users to log in to the Foray ADAMS solution and also allows Foray ADAMS to perform the queries necessary to enforce privileges for both data and features.

...

  1. Open the Azure Portal

  2. Navigate to Azure Active Directory

  3. App registrations

  4. New registration

  5. Name - Foray Adams Web, Foray Adams Admin, or Foray Adams Clients

    This name is visible to end users. You may use a different name if you choose. If so, you will need to identify that name later in these steps. You can change this name later.

  6. Supported account types: Accounts in this organizational directory only

  7. Redirect URI

    1. For Adams Admin and Adams Web - This is the URL provided by Foray for redirect. It will be similar to:

      Examples

      Ex1: https://web01.myagency.foray.com/AdamsAdmin/Account/Login

      Ex2: https://web01.myagency.foray.com/AdamsWeb/Login.aspx


    2. For Adams Clients

      1. Select "Public client/native (mobile & desktop)" from the dropdown

      2. Enter the value: https://login.microsoftonline.com/common/oauth2/nativeclient

  8. Click Register

...

  1. Select the application to be configured

  2. Authentication

  3. Adams Web and Adams Admin only

    1. Inside "Web" section

    2. Logout URL

      1. For Adams Admin and Adams Web - This is the URL provided by Foray for logout. It will have the form:

        Examples

        Ex1: https://web01.myagency.foray.com/AdamsAdmin/Account/AzureSingleSignOut

        Ex2: https://web01.myagency.foray.com/AdamsWeb/Logout.aspx


    3. Implicit grant - check ID Tokens

  4. Supported account types: Accounts in this organizational directory only

  5. Allow public client flows - Enable the following mobile and desktop flow

    1. Adams Admin and Adams Web: NO

    2. Adams Clients - YES

  6. Click Save

...

  1. Select the application to be configured

  2. API permissions

  3. Click Add a permission

  4. Click Microsoft Graph

  5. Select Delegated permissions

  6. Under Permissions, check "openid" - Required for authentication

  7. Under Permissions, check "profile" - Enables access to a user's name, user ID, and other basic info.

  8. User.Read will already be checked; leave it checked - Required for authentication

  9. Adams Admin and Adams Web only

    1. Select Application permissions

    2. Navigate to and check "Directory.Read.All" - This provides access to groups so that privileges can be applied per group.

    3. Navigate to and check "User.Read.All" - This provides access to user info such as name and email.

  10. Adams Web only (added in 6.2)

    1. Select Application permissions

    2. Navigate to and check GroupMember.ReadWrite.All - This allows external users to be added to the external users group.

    3. Navigate to and check User.Invite.All - This allows external user accounts to be created.

  11. Foray Adams Clients only

    1. Select Delegated permissions

    2. Navigate to and check "Directory.Read.All" - This provides access to list users in groups

  12. Click Add permissions

  13. Add API for Foray Adams Clients only - This cannot be done until the Adams Web application registration is complete

    1. Click Add a permission

    2. Click "APIs my organization uses" (above Microsoft Graph)

    3. Select Foray Adams Web (the name used may be different)

    4. Check BridgeWebApi

    5. Check BridgeSignalR

    6. Click Add permissions

  14. Click Grant admin consent

    1. Select Yes
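A check for the finished registrations, added here as an example and not Foray's own tooling: it reads the Graph application object (from `az ad app show --id <appId>` or the portal's Manifest page; a constructed sample is embedded) and reports where a Web, Admin or Clients registration has drifted from the settings and permission sets in the steps above, including application permissions the guide never asked for. The Graph permission ids are assumed from Microsoft's published permissions reference and should be confirmed in your tenant.

```python
GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId
NATIVE_REDIRECT = "https://login.microsoftonline.com/common/oauth2/nativeclient"
# Graph permission ids assumed from Microsoft's permissions reference; confirm them in
# your tenant with `az ad sp show --id 00000003-0000-0000-c000-000000000000`.
GRAPH_IDS = {
    ("openid", "Scope"): "37f7f235-527c-4136-accd-4a02d197296e",
    ("profile", "Scope"): "14dad69e-099b-42c9-810b-d002981feec1",
    ("User.Read", "Scope"): "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
    ("Directory.Read.All", "Scope"): "06da0dbc-49e2-44d2-8312-53f166ab848a",
    ("Directory.Read.All", "Role"): "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
    ("User.Read.All", "Role"): "df021288-bdef-4463-88db-98f22de89214",
}
BASE = {("openid", "Scope"), ("profile", "Scope"), ("User.Read", "Scope")}
REQUIRED = {  # (name, type) pairs the steps above ask for; Admin uses the Web set
    "web": BASE | {("Directory.Read.All", "Role"), ("User.Read.All", "Role")},
    "clients": BASE | {("Directory.Read.All", "Scope")},
}

def check_registration(app: dict, role: str) -> list:
    """Findings for a Graph 'application' object (az ad app show / portal Manifest)."""
    f, web, pub = [], app.get("web") or {}, app.get("publicClient") or {}
    need = {(GRAPH_IDS[p], p[1]): p[0] for p in REQUIRED["web" if role == "admin" else role]}
    if app.get("signInAudience") != "AzureADMyOrg": f.append("signInAudience must be AzureADMyOrg")
    if role == "clients":
        if not app.get("isFallbackPublicClient"):
            f.append("Allow public client flows must be YES for Clients")
        if NATIVE_REDIRECT not in (pub.get("redirectUris") or []):
            f.append("nativeclient redirect URI missing")
    else:
        if app.get("isFallbackPublicClient"):
            f.append("Allow public client flows must be NO for Web/Admin")
        if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
            f.append("Implicit grant: ID tokens must be checked")
        if not (web.get("logoutUrl") or "").startswith("https://"):
            f.append("Logout URL missing or not https")
        f += [f"non-https redirect URI {u}" for u in web.get("redirectUris") or []
              if not u.startswith("https://")]
    granted = {(r["id"], r["type"]) for res in app.get("requiredResourceAccess") or []
               if res.get("resourceAppId") == GRAPH for r in res.get("resourceAccess") or []}
    f += [f"missing Graph {k} permission {n}" for (i, k), n in sorted(need.items())
          if (i, k) not in granted]
    # Application (Role) permissions the guide never asked for widen the blast radius.
    f += [f"review extra application permission {i}" for i, k in sorted(granted)
          if k == "Role" and (i, k) not in need]
    return f

SAMPLE_CLIENTS = {  # constructed sample: a Clients registration done as the steps say
    "signInAudience": "AzureADMyOrg", "isFallbackPublicClient": True,
    "publicClient": {"redirectUris": [NATIVE_REDIRECT]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": GRAPH_IDS[p], "type": p[1]} for p in REQUIRED["clients"]]}]}
```

Run `check_registration(SAMPLE_CLIENTS, "clients")` to see an empty finding list; feed it the manifest of a real Web or Admin registration with the matching role name to audit that one.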

...

Info

Without "admin consent" every user would have to grant access permissions when they log in for the first time.

...