Toolbox Enterprise Preview.11 Help

Microsoft Entra ID

Follow these guidelines to configure Microsoft Entra ID (Azure Active Directory) as an OAuth2 provider for your instance of Toolbox Enterprise.

Prerequisites

  • You have a valid Microsoft Entra ID account.

  • You have created an application.yaml file to configure your Toolbox Enterprise Server.

Add Toolbox Enterprise to Microsoft Entra ID

To enable authorization, the first step is to register Toolbox Enterprise in the Microsoft Entra admin center. For more details, refer to the Microsoft documentation.

  1. Open the Microsoft Entra admin center in your browser and log in using your account.

  2. From the main menu, go to Identity | Applications | App registrations.

  3. Click New registration.

  4. On the Register an application page, specify the following details:

    • Name: specify Toolbox Enterprise as an application name.

    • Supported account types: select who can use Toolbox Enterprise.

    • Redirect URI: select Web as the platform and enter the callback endpoint to which the end user is redirected: http://<toolbox_enterprise_server_domain.com>/api/login/authenticated

  5. Click Register.

Create a client secret

  1. Open the Toolbox Enterprise application overview in the Microsoft Entra admin center.

  2. From the menu on the left, select Certificates & secrets.

  3. Open the Client secrets tab and click New client secret.

  4. Provide a description for the client secret and select the expiration period.

  5. Click Add.

Configure Microsoft Entra ID in application.yaml

After adding Toolbox Enterprise to Microsoft Entra ID, you need to configure your application.yaml file and specify the OAuth2 provider properties there:

tbe:
  auth:
    login-url: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize"
    token-url: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token"
    jwt-certs-url: "https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys"
    client-id: "your_identifier"
    client-secret: "your_password"
    required-scopes: [ "profile", "email", "openid" ]
    root-admin-emails:
      - "toolbox.admin@example.com"

login-url

Provide a URL for logging in via Microsoft Entra ID.

You can obtain this URL by clicking Endpoints on the application overview page in the Microsoft Entra admin center. Alternatively, you can request the Well-known configuration at https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration

token-url

Provide the URL from which Toolbox Enterprise obtains access and ID tokens from Microsoft Entra ID (the token endpoint).

You can obtain this URL by clicking Endpoints on the application overview page in the Microsoft Entra admin center. Alternatively, you can request the Well-known configuration at https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration

jwt-certs-url

Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).

You can obtain this URL by clicking Endpoints on the application overview page in the Microsoft Entra admin center. Alternatively, you can request the Well-known configuration at https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration

client-id

Specify the public identifier for Toolbox Enterprise used in Microsoft Entra ID.

You can copy this value from the Application (client) ID parameter on the Toolbox Enterprise application overview page in the Microsoft Entra admin center.

client-secret

Specify the value of the client secret for Toolbox Enterprise that you created in Microsoft Entra ID.

required-scopes

Set the value to [ "profile", "email", "openid" ].

root-admin-emails

List the email addresses of the users who will receive admin rights in Toolbox Enterprise.
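The login-url, token-url and jwt-certs-url sections above all point to the same Well-known configuration document, so a practical check is to derive the three URLs from that document and compare them with what application.yaml contains. The following Python script is an added example, not JetBrains' code or part of Toolbox Enterprise: it builds the tbe.auth block from the discovery document and reports mismatches, placeholder values left over from the example (your_identifier, your_password), non-https endpoints, missing required scopes and an empty root-admin-emails list. SAMPLE_DISCOVERY is a constructed excerpt using the standard OpenID Connect field names (authorization_endpoint, token_endpoint, jwks_uri); <tenant> is a placeholder for your tenant ID, and fetch_discovery is only needed when you want to pull the live document.

```python
"""Added example (not JetBrains' code): derive the tbe.auth settings for Toolbox
Enterprise from the Microsoft Entra ID OpenID Connect discovery document and
check an existing block against it. Standard library only."""
import json
import urllib.request

# Property names exactly as they appear in application.yaml on this page.
REQUIRED_SCOPES = ("profile", "email", "openid")
ENDPOINT_FIELDS = (
    ("login-url", "authorization_endpoint"),
    ("token-url", "token_endpoint"),
    ("jwt-certs-url", "jwks_uri"),
)
# Example values from the documentation that must not reach production.
PLACEHOLDERS = {"your_identifier", "your_password"}


def discovery_url(tenant: str) -> str:
    """Well-known configuration URL for a tenant (tenant ID, domain or 'common')."""
    return f"https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration"


def fetch_discovery(tenant: str) -> dict:
    """Download the live discovery document (needs network; the demo below is offline)."""
    with urllib.request.urlopen(discovery_url(tenant), timeout=10) as resp:
        return json.load(resp)


# Constructed excerpt of the discovery document; the real one has many more fields.
SAMPLE_DISCOVERY = {
    "issuer": "https://login.microsoftonline.com/<tenant>/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}


def auth_block_from_discovery(discovery: dict, client_id: str, client_secret: str,
                              root_admin_emails) -> dict:
    """Build the tbe.auth mapping from the discovery document and the app registration."""
    block = {yaml_key: discovery[field] for yaml_key, field in ENDPOINT_FIELDS}
    block["client-id"] = client_id
    block["client-secret"] = client_secret
    block["required-scopes"] = list(REQUIRED_SCOPES)
    block["root-admin-emails"] = list(root_admin_emails)
    return block


def check_auth_block(auth: dict, discovery: dict) -> list:
    """Return the problems found in an existing tbe.auth mapping (empty list means OK)."""
    problems = []
    for yaml_key, field in ENDPOINT_FIELDS:
        value = auth.get(yaml_key)
        if value != discovery[field]:
            problems.append(f"{yaml_key}: expected {discovery[field]!r}, found {value!r}")
        if isinstance(value, str) and not value.startswith("https://"):
            problems.append(f"{yaml_key}: must use https")
    scopes = set(auth.get("required-scopes") or [])
    missing = set(REQUIRED_SCOPES) - scopes
    if missing:
        problems.append("required-scopes: missing " + ", ".join(sorted(missing)))
    for key in ("client-id", "client-secret"):
        value = auth.get(key)
        if not value or value in PLACEHOLDERS:
            problems.append(f"{key}: unset or still the placeholder from the example")
    if not auth.get("root-admin-emails"):
        problems.append("root-admin-emails: no administrator listed")
    return problems


def render_auth_yaml(auth: dict) -> str:
    """Render the mapping in the layout used on this page."""
    lines = ["tbe:", "  auth:"]
    for key in ("login-url", "token-url", "jwt-certs-url", "client-id", "client-secret"):
        lines.append(f'    {key}: "{auth[key]}"')
    scopes = ", ".join(f'"{s}"' for s in auth["required-scopes"])
    lines.append(f"    required-scopes: [ {scopes} ]")
    lines.append("    root-admin-emails:")
    lines.extend(f'      - "{email}"' for email in auth["root-admin-emails"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed values: copy the real Application (client) ID and secret from the admin center.
    block = auth_block_from_discovery(SAMPLE_DISCOVERY, "<application-client-id>",
                                      "<client-secret-value>", ["toolbox.admin@example.com"])
    print(render_auth_yaml(block))
    print("problems:", check_auth_block(block, SAMPLE_DISCOVERY))
```

Replace SAMPLE_DISCOVERY with fetch_discovery("<tenant>") to compare against the live document; keep the client secret out of the script and read it from the environment or a secret store when you run this against a real application.yaml.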

Last modified: 16 April 2024