Page Comparison

This article covers connecting the Foray ADAMS solution to an Azure Active Directory (AD) domain. This connection allows users to login to the Foray ADAMS solution and also allows Foray ADAMS to perform queries necessary to enforce privileges for both data and features.

...

1. Open the Azure Portal

2. Navigate to Azure Active Directory

3. App registrations

4. New registration

5. Name - Foray Adams Web, Foray Adams Admin, or Foray Adams Clients
   
   This name is visible to end users. You may use a different name if you chose. If so you will need to identify that name later in these steps. You can change this name later.
   

6. Supported account types: Accounts in this organizational directory only

7. Redirect URI

   1. Adams Admin

      1. Web

      2. This URL will be provided by Foray. It will be similar to:
         Example

         Code Block
         https://web01.myagency.foray.com/AdamsAdmin/Account/Login

   2. Adams Web

      1. This URL will be provided by Foray. It will be similar to:
         Example

         Code Block
         https://web01.myagency.foray.com/AdamsWeb/Login.aspx

   3. Adams Clients

      1. Select "Public client/native (mobile & desktop)" from the dropdown

         1. Enter the value: https://login.microsoftonline.com/common/oauth2/nativeclient

   4. Click Register

...

1. Select the application to be configured

2. Authentication

3. For Adams Admin

   1. Front-channel Logout URL

      1. This URL is provided by Foray for logout. It will be similar to:

         Example

         Code Block
         language xml
         https://web01.myagency.foray.com/AdamsAdmin/Account/AzureSingleSignOut

   2. Implicit grant and hybrid flows - check ID Tokens

4. For Adams Web

   1. Click Add a platform

      1. Select Single-page application

      2. Enter the Redirect URI provided by Foray. It will be similar to:
         Example

         Code Block
         https://web01.myagency.foray.com/AdamsWeb/ApiRedirect.html

      3. If prompted, choose to migrate the URI for use with SPA and MSAL.js 2.0Configure

   2. Front-channel Logout URL

      1. This URL is provided by Foray for logout. It will be similar to:
         Example

         Code Block
         https://web01.myagency.foray.com/AdamsWeb/Logout.aspx

   3. Implicit grant and hybrid flows

      1. Check Access tokens

      2. Check ID tokens

5. Supported account types: Accounts in this organizational directory only

6. Allow public client flows - Enable the following mobile and desktop flow

   1. Adams Admin and Adams Web: NO

   2. Adams Clients - YES

7. Click Save

...

1. Select the application to be configured

2. Certificates & secrets

3. Click New client secret

4. Description: For MS Graph access

5. Expires: Never This may no longer be an option. If not choose Choose a time frame and set yourself a reminder to renew. Foray will need a new secret before this secret expires.

6. Click Add

7. Copy the secret value

8. This value must be provided to Foray

...

1. Select the Foray Adams Clients application (the registered name may be different)

2. Select Overview

3. Point at the the Application (client) ID, an icon will appear to the left of the value, click the icon to copy.

4. Navigate back to Azure AD

5. Select App registrations

6. Select the Foray Adams Web app registration (the registered name may be different)

7. Select Expose an API

8. Select Add a client application

9. In the Client ID box, paste the Foray Adams Clients' Application (client) ID copied earlier

10. Check both the BirdgeSignalR and BridgeWebApi scope boxes (these were created in the Expose API for Adams Bridge step)

11. Select Add application

If you have not yet registered Adams Web, Adams Admin, and Adams Clients then go back up to Register New Application.

...