Versions Compared

Old Version 1

changes.mady.by.user Steve Palm

Saved on

compared with

New Version 2

changes.mady.by.user Steve Palm

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Below are the steps to setup your Azure Active Directory

...

to work with i21.

Step 1 - Create an i21

...

Azure Group (role)

This group will contain users that will have access to i21 and will serve as their user role.

  1. Go to Log into your Azure Active Directory
    1. https://portal.azure.com/ 
  2. Click Groups
  3. Click New group
  4. In Enter the following for the New Group form, enter the following:
    1. Group type = Security
    2. Wiki Markup
      Group name = *i21:\[i21UserRole\]*
      1. Wiki Markup
        Replace *\[i21UserRole\]* with any roles from i21. E.g. {*}i21:PETRO ADMIN{*}. Anything after "i21:" will be the role of the users in this group.
    3. Group description = The group description
    4. Membership type = Assigned
    5. Under Members, click No members selected hyperlink then add members/users.
    6. Click Create

Step 2- App Registration

  1. Go to Azure Active Directory
  2. Click App registrations then New registration
    1. Image RemovedImage Added
  3. In In the Register an application form, enter the following:
    1. Name = iRely i21
    2. Supported account types = Accounts in this organizational directory only (single tenant)
    3. Redirect URI (web) = The URL of the i21 plus identityserver/. E.g. https://helpdesk.irely.com/identityserver/Image Removed
    4. Click Register
    5. Image RemovedImage Added
  4. Go back to App registrations then and select the app that you have just created (iRely i21)
  5. Click Certificates & secrets then and create a secret Secret
    1. Image Modified
    2. Copy the secret
  6. Under API permissions, verify that the following are present especially those underlined ones. If not, add those permissions.
    1. Image Modified

web.config

...



Step 3 - Send the following details to iRely

  1. Goto Azure Active Directory
  2. Copy the values from the iRely i21 app to the web.config
    1. Image Modified
    2. Image Modified



Step 4 - Mapping existing i21 users to Azure Active Directory users

  1. Login as "security" or login using an admin user
  2. Go to System Manager →  Users
  3. On Search Users screen, click Map Active Directory Users
  4. On Map Active Directory Users screen, click Template. This will download the template for mapping users.
  5. Open the template map_activedirectory_users_template.csv
    1. on i21UserName column, enter the username of the i21 user that you want to map to an Azure AD user
    2. on ExternalUserName column, enter the email/username of the Azure AD user that you want to map to an i21 user (i21UserName)
      1. Repeat these steps for multiple user mapping
      2. Note: i21UserName and ExternalUserName are case sensitive
    3. Save the file
  6. On Map Active Directory Users screen, click Browse... and search for the template then click Map
  7. That should map all the users you entered in the temple
    1. Image Modified
  8. Note: If for some reason the app redirects you to the same login page, check that the IIS application path is the same as the one you entered on the ApplicationPath and on the AzureADRedirectUri field (case sensitive).
    Example:
    1. Image Modified
  9. The IIS application is BoldBIi21 and so the ApplicationPath must be the same and AzureADRedirectUri must be something like https://qc.irely.com/

...

  1. iRelyApp/identityserver/

...

  1. .
    1.   Image Modified
    2. The same URI must be configured in Azure Active Directory Redirect URIs

...

    1. .