
AVEVA™ System Platform

Configure Azure AD as an Identity Provider

  • Last Updated May 19, 2022
  • 3 minute read

You can configure the AVEVA Identity Manager (AIM) to use Azure AD as an external identity provider. With Azure AD configured as the identity provider, users can use their Microsoft-managed web credentials to log into AIM. Before you can start using Azure AD, however, you must register the AIM server as an Azure AD application and configure it.

Register the AIM server as an Azure AD application

  1. Sign into the Azure AD home page: https://portal.azure.com.

  2. Select Manage Azure Active Directory (click the View button below the image), or type "Azure Active Directory" in the search box at the top of the page and select it from the list of services displayed.

  3. If necessary, select Manage tenants to create or switch tenants when the Azure AD Overview page opens.

  4. Select the Application Registration icon (at the bottom of the page) to register your AIM server as an application in the Azure Portal. (You can use the +Add button from the command bar, then select App registration instead of using the icon.)


  5. Enter a name for the application (user-facing display name) and select the account type (for example, single-tenant or multi-tenant). Do not configure the Redirect URI at this time.

  6. Register the application.

Configure the Azure AD application

  1. When the application is registered, select Add a Redirect URI from the Essentials area of the page.

    Add Redirect URI

  2. Under Platform configurations, select Add a platform.

    Azure Portal - Add a platform

  3. In the Configure platforms pane, select Web.

  4. Enter the Redirect URIs in the format: https://{FQDN}/identitymanager/signin-azuread

    where FQDN is the fully qualified domain name (full computer name, in the format <computer name>.<domain>) of the machine where the AVEVA Identity Manager is installed. Note that the URL is case-sensitive and must match the case of the URL path of your application.

  5. Enter the Front-channel logout URL in the format: https://{FQDN}/identitymanager/signedout-callback-azuread

    where FQDN is the fully qualified domain name of the machine where the AVEVA Identity Manager is installed. Note that the URL is case-sensitive and must match the case of the URL path of your application.

  6. Allow the application to issue ID tokens by enabling both of the following:

    • Access tokens (used for implicit flows)

    • ID tokens (used for implicit and hybrid flows)

  7. Under Token configuration > Optional claims, select Add groups claim.

  8. In the Edit groups claim section, add Security Groups.

    Azure AD: Add Security Groups

    The tokens issued to AIM will then carry a groups claim containing the Group ID of each security group the user belongs to.
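The URL formats from steps 4 and 5 and the groups claim from step 8, as an added example that is not part of the AVEVA page and not AVEVA's or Microsoft's code: a Python helper that builds the Redirect URI and Front-channel logout URL for an AIM server's FQDN, checks a redirect URI against the registered value exactly (the page notes the path is case-sensitive), and reads the group IDs out of an ID token's groups claim. The FQDN, group ID and token below are constructed values; the helper only decodes the token payload for inspection and does not verify its signature. The overage branch reflects Azure AD's documented behaviour of replacing the groups claim with `_claim_names`/`_claim_sources` when a user belongs to more groups than fit in the token.

```python
"""Added example (not from the AVEVA page): derive and check the Azure AD
registration values for an AIM server, and inspect the groups claim of an
ID token. All sample values are constructed."""
import base64
import json
import re
from typing import Dict, Iterable, List

AIM_PATH = "/identitymanager"              # URL path of the AIM application (from the page)
SIGNIN_SUFFIX = "/signin-azuread"          # Redirect URI suffix (from the page)
SIGNEDOUT_SUFFIX = "/signedout-callback-azuread"  # Front-channel logout suffix (from the page)

# A fully qualified name is <computer name>.<domain>: at least one dot, DNS-safe labels.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$"
)


def aim_azuread_urls(fqdn: str) -> Dict[str, str]:
    """Return the Redirect URI and Front-channel logout URL for the AIM server at fqdn."""
    if not _FQDN_RE.match(fqdn):
        raise ValueError(f"not a fully qualified domain name: {fqdn!r}")
    base = f"https://{fqdn}{AIM_PATH}"
    return {
        "redirect_uri": base + SIGNIN_SUFFIX,
        "front_channel_logout_url": base + SIGNEDOUT_SUFFIX,
    }


def redirect_uri_accepted(registered: Iterable[str], requested: str) -> bool:
    """Exact, case-sensitive comparison: a request using .../IdentityManager/...
    is rejected when the registration used .../identitymanager/..."""
    return requested in set(registered)


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class GroupsOverage(Exception):
    """Raised when Azure AD omitted the groups claim because the user is in too
    many groups; the relying party must then fetch membership from Microsoft Graph."""


def groups_claim(id_token: str) -> List[str]:
    """Return the group IDs from the token payload. Inspection only: the signature,
    issuer, audience and expiry are NOT validated here and must be checked by the
    relying party before any claim is trusted."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = json.loads(_b64url_decode(parts[1]))
    if "groups" not in payload and "groups" in payload.get("_claim_names", {}):
        raise GroupsOverage("groups claim replaced by _claim_sources overage indicator")
    return list(payload.get("groups", []))


def authorized(id_token: str, allowed_group_ids: Iterable[str]) -> bool:
    """True when at least one group ID in the token is on the allow list."""
    allowed = set(allowed_group_ids)
    return any(g in allowed for g in groups_claim(id_token))


# Constructed sample values (hypothetical FQDN and group ID; placeholder signature).
SAMPLE_FQDN = "aimserver.example.local"
SAMPLE_GROUP_ID = "11111111-1111-1111-1111-111111111111"
_HEADER = {"alg": "RS256", "typ": "JWT", "kid": "constructed"}
SAMPLE_ID_TOKEN = ".".join([
    _b64url_encode(_HEADER),
    _b64url_encode({"iss": "https://login.microsoftonline.com/tenant-placeholder/v2.0",
                    "aud": "client-id-placeholder", "groups": [SAMPLE_GROUP_ID]}),
    "placeholder-signature",
])
SAMPLE_OVERAGE_TOKEN = ".".join([
    _b64url_encode(_HEADER),
    _b64url_encode({"_claim_names": {"groups": "src1"},
                    "_claim_sources": {"src1": {"endpoint": "https://graph.microsoft.com/placeholder"}}}),
    "placeholder-signature",
])

if __name__ == "__main__":
    print(aim_azuread_urls(SAMPLE_FQDN))
    print("groups:", groups_claim(SAMPLE_ID_TOKEN))
```

Run it as a script to print the two URLs for the sample FQDN and the group IDs found in the sample token; the case-mismatch check and the overage exception are exercised in the functions above, not by the script output.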
