This article covers connecting the Foray ADAMS solution to an Azure Active Directory (AD) domain. This connection allows users to log in to the Foray ADAMS solution and also allows Foray ADAMS to perform the queries necessary to enforce privileges for both data and features.
...
Open the Azure Portal
Navigate to Azure Active Directory
App registrations
New registration
Name - Foray Adams Web, Foray Adams Admin, or Foray Adams Clients
This name is visible to end users. You may use a different name if you choose; if so, you will need to identify that name later in these steps. You can change this name later.
Supported account types: Accounts in this organizational directory only
Redirect URI
Adams Admin
Web
This URL will be provided by Foray. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsAdmin/Account/Login
Adams Web
This URL will be provided by Foray. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsWeb/Login.aspx
Adams Clients
Select "Public client/native (mobile & desktop)" from the dropdown
Enter the value: https://login.microsoftonline.com/common/oauth2/nativeclient
Click Register
...
Select the application to be configured
Authentication
For Adams Admin
Front-channel Logout URL
This URL is provided by Foray for logout. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsAdmin/Account/AzureSingleSignOut
Implicit grant and hybrid flows - check ID Tokens
For Adams Web
Click Add a platform
Select Single-page application
Enter the Redirect URI provided by Foray. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsWeb/ApiRedirect.html
If prompted, choose to migrate the URI for use with SPA and MSAL.js 2.0
Configure
Front-channel Logout URL
This URL is provided by Foray for logout. It will be similar to:
Example: https://web01.myagency.foray.com/AdamsWeb/Logout.aspx
Implicit grant and hybrid flows
Check Access tokens
Check ID tokens
Supported account types: Accounts in this organizational directory only
Allow public client flows - Enable the following mobile and desktop flow
Adams Admin and Adams Web: NO
Adams Clients - YES
Click Save
...
Select the application to be configured
Certificates & secrets
Click New client secret
Description: For MS Graph access
Expires: Never. This may no longer be an option. If not, choose a time frame and set yourself a reminder to renew. Foray will need a new secret before this secret expires.
Click Add
Copy the secret value
This value must be provided to Foray
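An added example, not part of Foray's documentation: a Python check that reads an app registration in the shape Microsoft Graph returns it (the application object) and reports where it departs from the settings above, including a client secret that is close to expiring. The function name audit_registration, the 30-day warning window and the sample object are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed Microsoft Graph "application" object for an
# Adams Admin registration. URLs reuse the article's example hostname; the
# secret end date is made up for the demonstration.
SAMPLE_APP = json.loads("""
{
  "displayName": "Foray Adams Admin",
  "signInAudience": "AzureADMyOrg",
  "isFallbackPublicClient": false,
  "web": {
    "redirectUris": ["https://web01.myagency.foray.com/AdamsAdmin/Account/Login"],
    "logoutUrl": "https://web01.myagency.foray.com/AdamsAdmin/Account/AzureSingleSignOut"
  },
  "passwordCredentials": [
    {"displayName": "For MS Graph access", "endDateTime": "2025-03-01T00:00:00Z"}
  ]
}
""")

def audit_registration(app, public_client_expected, now, warn_days=30):
    """Hypothetical helper: list where `app` departs from the article's settings."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # "this organizational directory only"
        findings.append("account types are not limited to this organizational directory")
    # "Allow public client flows": NO for Adams Admin/Web, YES for Adams Clients
    if bool(app.get("isFallbackPublicClient")) != public_client_expected:
        findings.append("'Allow public client flows' differs from the expected value")
    web = app.get("web") or {}
    urls = [web["logoutUrl"]] if web.get("logoutUrl") else []
    for platform in ("web", "spa", "publicClient"):
        urls += (app.get(platform) or {}).get("redirectUris", [])
    findings += [f"non-HTTPS URL registered: {u}" for u in urls if not u.startswith("https://")]
    for cred in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        if days_left < 0:
            findings.append(f"secret '{cred.get('displayName')}' has expired")
        elif days_left <= warn_days:
            findings.append(f"secret '{cred.get('displayName')}' expires in {days_left} days")
    return findings

if __name__ == "__main__":
    for line in audit_registration(SAMPLE_APP, False, datetime.now(timezone.utc)):
        print(line)
```

Run it on a schedule against each of the three registrations so the renewal reminder does not depend on a calendar entry.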
...
Select the Foray Adams Clients application (the registered name may be different)
Select Overview
Point at the Application (client) ID; an icon will appear to the left of the value. Click the icon to copy.
Navigate back to Azure AD
Select App registrations
Select the Foray Adams Web app registration (the registered name may be different)
Select Expose an API
Select Add a client application
In the Client ID box, paste the Foray Adams Clients' Application (client) ID copied earlier
Check both the BridgeSignalR and BridgeWebApi scope boxes (these were created in the Expose API for Adams Bridge step)
Select Add application
If you have not yet registered Adams Web, Adams Admin, and Adams Clients, then go back up to Register New Application.
...