  1. In Microsoft Azure dashboard search for "Azure AD B2C"

  2. Go to App Registration in the AD B2C page

  3. Click on the Endpoints tab, copy the "OpenID Connect metadata document" field, and paste it into the "Discovery Endpoint" property in FIN.

    1. Looks something like this but with your endpoint:

      https://login.microsoftonline.com/7776bac3-7777-4849-7777-777424998777/v2.0/.well-known/openid-configuration

  4. Then click on New registration tab in the dashboard to create a new registration if you don’t already have one.

    1. Name it whatever you want.

    2. We typically select the first option for the API access.

    3. The Redirect URI should be set to "Web" with the value being what is in the doc under the "Redirection URI" section. You can use your domain name here. Something like this:

      https://mydomainaddress/finOidc/redirect

    4. Register it once done.

  5. Then paste that URI host into the Host URI property in FIN.

    1. Should look something like this:

      https://mydomainaddress/

  6. Then open that new or existing registration to copy the "Application (client) ID" and paste it to "Client ID" property in FIN.

    1. Should look something like this but with your client ID:

      77700777-07d3-7777-b7a2-7771c62de777

  7. Then create a client secret by clicking on the "Client Credentials" link in the dashboard or by clicking on “Certificates & secrets” option in the left menu.

    1. Then click on "New client secret", add a description, and then click Add.

  8. Once the client secret is created, copy the "Value" (not the "Secret ID") and paste it into the "Client Secret" property in FIN.

    1. Should look something like this, but with your own value:

      7777Q7pZtF3awYq7777stF777iUZjAjAfn_87777

  9. Go back to the Azure dashboard to the "Token configuration" tab on the left side still under the registration view.

    1. Select "Add groups claim", tick all the boxes and Save.

  10. Then in FIN add "offline_access" to the list for the Scope property.

  11. Go to the Users → Groups in FIN to set up a default group. Create a Group called "default" (recommended). This is so that if the Azure user doesn’t belong to an existing Azure group, their permissions will default to this.

  12. Once done, add the default FIN group name in the "Group Default" property.
    Note: To reference other groups, see the Mapping users to groups section above.

  13. That is it; try it now.

  14. If you want to use the normal login without the Microsoft login redirect, the URL should be something like this: host:port/user/login

    http://localhost:8080/user/login
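The values collected in the steps above are easy to mix up (the Secret ID GUID instead of the secret Value, a Host URI that does not match the registered Redirect URI, a missing offline_access scope). The following pre-flight check is an added example, not FIN or Microsoft code; the property names, the constructed metadata document and the placeholder values are assumptions.

```python
import re
from urllib.parse import urlparse

# 8-4-4-4-12 hex: the shape of a tenant ID, an Application (client) ID and a Secret ID
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample of the metadata document the Discovery Endpoint returns (placeholder tenant)
SAMPLE_DISCOVERY = {
    "issuer": "https://login.microsoftonline.com/7776bac3-7777-4849-7777-777424998777/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/7776bac3-7777-4849-7777-777424998777/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/7776bac3-7777-4849-7777-777424998777/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/7776bac3-7777-4849-7777-777424998777/discovery/v2.0/keys",
}

# Constructed FIN property values (hypothetical keys mirroring the properties named in the steps)
GOOD_PROPS = {
    "discovery_endpoint": "https://login.microsoftonline.com/7776bac3-7777-4849-7777-777424998777/v2.0/.well-known/openid-configuration",
    "host_uri": "https://mydomainaddress/",
    "client_id": "77700777-07d3-7777-b7a2-7771c62de777",
    "client_secret": "7777Q7pZtF3awYq7777stF777iUZjAjAfn_87777",
    "scope": ["openid", "profile", "offline_access"],
    "group_default": "default",
    "registered_redirect_uris": ["https://mydomainaddress/finOidc/redirect"],
}

def check_fin_oidc(props, discovery_doc):
    """Return a list of problems with the FIN OIDC properties; an empty list means they look consistent."""
    problems = []
    disc = urlparse(props["discovery_endpoint"])
    if disc.scheme != "https" or not disc.path.endswith("/.well-known/openid-configuration"):
        problems.append("Discovery Endpoint must be an https .well-known/openid-configuration URL")
    tenant = disc.path.strip("/").split("/")[0]  # first path segment of the Microsoft URL
    issuer = discovery_doc.get("issuer", "")
    if not issuer.startswith("https://") or tenant not in issuer:  # metadata must belong to the same tenant
        problems.append(f"issuer {issuer!r} does not match tenant {tenant!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not discovery_doc.get(key, "").startswith("https://"):
            problems.append(f"{key} missing or not https in metadata document")
    if not GUID_RE.match(props["client_id"]):
        problems.append("Client ID should be the Application (client) ID GUID")
    if GUID_RE.match(props["client_secret"]):  # step 8: the Secret ID is a GUID, the Value is not
        problems.append("Client Secret looks like a Secret ID GUID; paste the Value instead")
    host = urlparse(props["host_uri"])
    if host.scheme != "https" and host.hostname != "localhost":
        problems.append("Host URI should use https")
    if not props["host_uri"].endswith("/"):
        problems.append("Host URI should end with '/'")
    redirect = props["host_uri"].rstrip("/") + "/finOidc/redirect"  # what FIN will send to Azure
    if redirect not in props["registered_redirect_uris"]:
        problems.append(f"redirect URI {redirect} is not registered in Azure")
    if "offline_access" not in props["scope"]:
        problems.append("Scope is missing offline_access (step 10)")
    if not props.get("group_default"):
        problems.append("Group Default is empty (step 12)")
    return problems
```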