
Entra ID was formerly Azure AD

...

  1. Open the Azure Portal

  2. Navigate to Entra ID (formerly Azure Active Directory)

  3. App registrations

  4. New registration

  5. Name - Foray Adams WebAdmin, Foray Adams AdminWeb, or Foray Adams Clients

    This name is visible to end users. You may use a different name if you choose. If so, you will need to identify that name later in these steps. You can change this name later.

  6. Supported account types: Accounts in this organizational directory only

  7. Redirect URI

    1. Adams Admin

      1. Web

      2. This URL will be provided by Foray. It will be similar to:
        https://web01.myagency.foray.com/AdamsAdmin/Account/Login
    2. Adams Web

      1. Web

      2. This URL will be provided by Foray. It will be similar to:
        https://web01.myagency.foray.com/AdamsWeb/Login.aspx
    3. Adams Clients

      1. Select "Public client/native (mobile & desktop)" from the dropdown

        1. Enter the value: 

          https://login.microsoftonline.com/common/oauth2/nativeclient
    4. Click Register

Configure Authentication

...

  1. Select the application to be configured

  2. Authentication

  3. For Adams Admin

    1. Front-channel Logout URL

      1. This URL is provided by Foray for logout. It will be similar to:

        https://web01.myagency.foray.com/AdamsAdmin/Account/AzureSingleSignOut
    2. Implicit grant and hybrid flows - check ID Tokens

  4. For Adams Web

    1. Click Add a platform

      1. Select Single-page application

      2. Enter the Redirect URI provided by Foray. It will be similar to:
        https://web01.myagency.foray.com/AdamsWeb/ApiRedirect.html
      3. Configure

    2. Front-channel Logout URL

      1. This URL is provided by Foray for logout. It will be similar to:
        https://web01.myagency.foray.com/AdamsWeb/Logout.aspx
    3. Implicit grant and hybrid flows

      1. Check Access tokens

      2. Check ID tokens

  5. Supported account types: Accounts in this organizational directory only

  6. Allow public client flows - Enable the following mobile and desktop flow

    1. Adams Admin and Adams Web: NO

    2. Adams Clients - YES

  7. Click Save

...

  1. Select the application to be configured

  2. API permissions

  3. Click Add a permission

  4. Click Microsoft Graph

  5. Select Delegated permissions

  6. Under Permission check "openid" - Required for authentication

  7. Under Permission check "profile" - Enables access to a user's name, userid, and other basic info.

  8. User.Read will already be checked, leave it checked - Required for authentication

  9. Adams Admin and Adams Web only

    1. Select Application permissions

    2. Navigate to and check "Directory.Read.All" - This provides access to groups so that privileges can be applied per group.

    3. Navigate to and check "User.Read.All" - This provides access to user info such as name and email.

  10. Adams Web only (added in 6.2)

    1. Select Application permissions

    2. Navigate to and check "GroupMember.ReadWrite.All" - This allows adding of external users to the external users group.

    3. Navigate to and check "User.Invite.All" - This allows external user accounts to be created.

  11. Foray Adams Clients only

    1. Select Delegated permissions

    2. Navigate to and check "Directory.Read.All" - This provides access to list users in groups

  12. Click Add permissions

  13. Add API for Foray Adams Clients only - This cannot be done until the Adams Web application registration is complete (all the way to the bottom of this KB)

    1. Click Add a permission

    2. Click APIs my organization uses (above Microsoft Graph)

    3. Select Foray Adams Web (the name used may be different)

    4. Check BridgeWebApi

    5. Check BridgeSignalR

    6. Click Add permissions

  14. Click Grant admin consent

    1. Select Yes

...

  1. Select the application to be configured

  2. Manifest

  3. Find and edit "groupMembershipClaims". Change null to "SecurityGroup" (including the quotes)

  4. Adams Admin and Adams Web Only

    1. Find and edit "signInUrl" (near bottom). Change null to the URL provided by Foray for the application. The quotes around the URL are necessary.

    Example Sign In URLs:

      Ex1: "https://web01.myagency.foray.com/AdamsAdmin/"

      Ex2: "https://web01.myagency.foray.com/AdamsWeb/"
  5. Click Save
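
An added example, not part of the original KB or Foray's tooling: a Python check that compares an application object against the Authentication and Manifest settings in the steps above. It assumes the object is the Microsoft Graph JSON printed by `az ad app show --id <application id>`; `audit_registration`, `EXPECTED` and the sample object are names and data constructed for this illustration.

```python
import json

# Expected settings per application type, taken from the steps above.
# None means the guide gives no instruction for that checkbox.
EXPECTED = {
    "admin":   {"id_tokens": True, "access_tokens": None, "public_client": False},
    "web":     {"id_tokens": True, "access_tokens": True, "public_client": False},
    "clients": {"id_tokens": None, "access_tokens": None, "public_client": True},
}
NATIVE_URI = "https://login.microsoftonline.com/common/oauth2/nativeclient"

def audit_registration(app, kind):
    """Return findings for one application object; empty list = matches the guide."""
    want, findings = EXPECTED[kind], []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not single-tenant (AzureADMyOrg)")
    if app.get("groupMembershipClaims") != "SecurityGroup":
        findings.append("groupMembershipClaims is not SecurityGroup")
    grants = (app.get("web") or {}).get("implicitGrantSettings") or {}
    for key, field in (("id_tokens", "enableIdTokenIssuance"),
                       ("access_tokens", "enableAccessTokenIssuance")):
        if want[key] is not None and bool(grants.get(field)) != want[key]:
            findings.append(f"{field} should be {want[key]}")
    if bool(app.get("isFallbackPublicClient")) != want["public_client"]:
        findings.append(f"isFallbackPublicClient should be {want['public_client']}")
    if kind == "web" and not (app.get("spa") or {}).get("redirectUris"):
        findings.append("no Single-page application redirect URI")
    if kind == "clients" and NATIVE_URI not in (
            (app.get("publicClient") or {}).get("redirectUris") or []):
        findings.append("native client redirect URI missing")
    return findings

# Constructed sample (not real tenant data): an Adams Web registration that is
# multi-tenant and has public client flows switched on by mistake.
SAMPLE_WEB = json.loads("""{
  "displayName": "Foray Adams Web",
  "signInAudience": "AzureADMultipleOrgs",
  "groupMembershipClaims": "SecurityGroup",
  "isFallbackPublicClient": true,
  "web": {"implicitGrantSettings":
          {"enableIdTokenIssuance": true, "enableAccessTokenIssuance": true}},
  "spa": {"redirectUris":
          ["https://web01.myagency.foray.com/AdamsWeb/ApiRedirect.html"]}
}""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_WEB, "web"):
        print("FINDING:", finding)
```

Running the check after each change to a registration catches drift such as public client flows left enabled on Adams Admin or Adams Web.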

Expose API - Adams Web Only

...

  1. Navigate to Entra ID

  2. Select Enterprise applications

  3. Select the application

  4. Properties

  5. Enabled for users to sign-in? Yes

    If the system is not yet available, this can be set to No. If so, users added will not have access until this is changed to Yes.

  6. Logo - Use the following logos.

    1. Adams Admin

    2. Adams Web

      ForayAdamsWeb_256.png

    3. Adams Clients (no logo necessary)

      For a background (corners) color other than white please contact Foray Support.

  7. User assignment required? No

  8. Visible to users?

    1. Adams Admin and Adams Web: Yes

      Yes means this application will show in the user's Access Panel for users that have access. No means it will not show in the user's Access Panel even for users that have access.

    2. Adams Clients: No - Client applications should not be visible in their Access Panel as there is no direct access to them.

  9. Click Save.

...

The Foray ADAMS applications are now configured. The next step is to send the Azure Entra ID Integration Client Data to Foray.