If you have licensed the SSO add-on from iRely, then you need to do the following to get it configured for your instance of iRely i21. Please note, Azure Active Directory has been renamed to Microsoft Entra ID.

Below are the 3 steps that are required.

Step 1 - Create an i21 Azure Group (User Role)

Azure Active Directory Setup (AAD)

This group will contain users that will have access to i21 and will serve as their user role.

  1. Log into your Azure Portal as an Administrator.
    1. https://portal.azure.com/
  2. Select Microsoft Entra ID (previously named Azure Active Directory).
  3. Click Groups.
  4. Click New group.
  5. In the New Group form, enter the following:
    1. Group type = Security
    2. Group name = i21:[i21UserRole]
      1. Replace [i21UserRole] with any role from i21, e.g. i21:PETRO ADMIN. Anything after "i21:" will be the role of the users in this group.
    3. Group description = Enter any description you want for this group.
    4. Membership type = Assigned
    5. Under Members, click the No members selected hyperlink, then add members/users.
    6. Click Create.
  6. Add all of the 365 accounts that correspond to the active i21 users.

Step 2 - App Registration

  1. Select Azure Active Directory.
  2. Click App registrations, then New registration.
  3. In the Register an application form, enter the following:
    1. Name = iRely i21
    2. Supported account types = Accounts in this organizational directory only (single tenant)
    3. Important: Follow the steps below depending on what version of iRely i21 you are running.
      1. iRely i21 version 23.1 and prior:
        1. Redirect URI (web) = The URL of the i21 plus /identityserver
        2. E.g. https://helpdesk.irely.com/identityserver
      2. iRely i21 version 24.1 and newer:
        1. Redirect URI (web) = The URL of the i21 plus /signin-oidc
        2. E.g. https://helpdesk.irely.com/signin-oidc
      3. Note: This is case sensitive.
    4. Click Register.
  4. Go back to App registrations and select the app that you have just created (iRely i21).
  5. Click Certificates & secrets and create a secret.
    1. Important: Make sure you copy the "value" field of the client secret and save it locally because you won't be able to read it again after you leave this page.
    2. Copy the secret.
  6. Under API permissions, verify that the following are present, especially the underlined ones. If not, add those permissions.
    1. Group.Read.All
    2. User.Read.All
  7. Under Authentication, make sure the Access Tokens and ID Tokens checkboxes are checked.
  8. Ensure your Web Redirect URIs are correct.

web.config

  1. Open web.config
  2. Go to Azure Active Directory
  3. Copy the values from the iRely i21 app to the web.config

Mapping existing i21 users to Azure Active Directory users

  1. Log in as "security" or as an admin user.
  2. Go to System Manager → Users.
  3. On the Search Users screen, click Map Active Directory Users.
  4. On the Map Active Directory Users screen, click Template. This will download the template for mapping users.
  5. Open the template map_activedirectory_users_template.csv
    1. In the i21UserName column, enter the username of the i21 user that you want to map to an Azure AD user.
    2. In the ExternalUserName column, enter the email/username of the Azure AD user that you want to map to an i21 user (i21UserName).
      1. Repeat these steps for multiple user mappings.
      2. Note: i21UserName and ExternalUserName are case sensitive.
    3. Save the file.
  6. On the Map Active Directory Users screen, click Browse..., search for the template, then click Map.
  7. That should map all the users you entered in the template.
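Because i21UserName and ExternalUserName in the mapping template are case sensitive, a pre-import check of the CSV can catch rows that would map the wrong account or fail to match. The following is an added example, not iRely tooling; the sample rows are constructed, and treating repeated values as something to review is an assumption, since the page does not say whether mappings must be one-to-one.

```python
import csv
import io
from collections import defaultdict

REQUIRED = ("i21UserName", "ExternalUserName")  # column names from the template

# Constructed sample data, not real accounts.
SAMPLE = """i21UserName,ExternalUserName
jsmith,jsmith@example.com
JSmith,john.smith@example.com
mlee, mlee@example.com
agarcia,
bwong,jsmith@example.com
"""

def check_mapping(csv_text):
    """Return sorted (row_number, message) findings for a mapping CSV."""
    findings = []
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, f"missing column(s): {', '.join(missing)}")]
    # Per column: casefolded value -> [(row, value as typed)]
    seen = {c: defaultdict(list) for c in REQUIRED}
    for row_no, row in enumerate(reader, start=2):  # row 1 is the header
        for col in REQUIRED:
            raw = row[col] or ""
            if not raw.strip():
                findings.append((row_no, f"{col} is empty"))
                continue
            if raw != raw.strip():
                findings.append((row_no, f"{col} has leading/trailing whitespace"))
            seen[col][raw.strip().casefold()].append((row_no, raw.strip()))
    for col in REQUIRED:
        for entries in seen[col].values():
            if len(entries) > 1:
                rows = [r for r, _ in entries]
                same = len({v for _, v in entries}) == 1
                what = "repeated" if same else "differs only by case"
                findings.append((rows[-1], f"{col} {what} on rows {rows}; review"))
    return sorted(findings)

if __name__ == "__main__":
    for row_no, message in check_mapping(SAMPLE):
        print(f"row {row_no}: {message}")
```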

Step 3 - Send the following details to iRely

  1. Go to Azure Active Directory
  2. Select App registrations and select iRely i21 from the list.
  3. Copy the following values from the Overview and Certificates & secrets section and provide them to iRely in your help desk ticket.
    1. See below screenshots for more details on where to find these values. 
    2. Application (client) ID
    3. Directory (tenant) ID
    4. Secret 
    5. The Secret value is what you saved to text in the above steps.