FFAStrans wiki

User Tools

Site Tools

Trace: custom_processors
webinterface:azure

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
webinterface:azure [2024/11/21 11:10] – created thomasnwebinterface:azure [2024/11/21 11:21] (current) thomasn
Line 40: Line 40:
 The app roles created here will eventually become the groups used in the web interface to manage a users permissions. The app roles created here will eventually become the groups used in the web interface to manage a users permissions.
 When creating the roles the 'Display Name' and 'Value' should match. When creating the roles the 'Display Name' and 'Value' should match.
-Once the roles are generated inside 'Users and Groups' specific users and groups can be assigned these roles depending on how much permissions you wish to grant.+Once the roles are generatedinside 'Users and Groups' specific users and groups can be assigned these roles depending on how much permissions you wish to grant.
  
 **Properties:** **Properties:**
Line 49: Line 49:
 ==== Configuration inside Web Interface:====  ==== Configuration inside Web Interface:==== 
  
 +Once the Azure steps are completed the FFAStrans configuration can be updated with your information via the Azure Setup buttion in Settings -> WebUI
 +
 +{{:webinterface:azuresetup.png?400|}}
 +
 +  * ClientId: can be found in the app regsitration homepage in Azure.
 +  * ClientSecret: the generated secret value earlier in the Azure setup.
 +  * Authority: https://login.microsoftonline.com/ followed by your tennant guid found on the app registration homepage in Azure.
 +  * RedirectUri: the URI you configured in the Azure setup process.
 +  * Proxy: if your company uses a proxy to access the microsoft endpoints add it here, otherwise leave blank.
 +  * Login Link: the appearance of the clickable link on the login page to use Azure rather than a local user.
 +
 +Before testing, the roles created in Azure must also be created in FFAStrans with the permissions applied. For example if you make a 'FFAStransAdmin' role in Azure, you must make this as a group inside the WebInterface and assign it admin permissions.
 +When a user logs in their list of Azure roles is compared to the webinterface groups and they are given the correct rights. If the role does not exist as a group in FFAStrans the user will not be able to do anything.
 +
 +To test logout and click your Azure button. The login flow may prompt for 2FA if required and log you in to the interface under your Azure username.
webinterface/azure.1732187425.txt.gz · Last modified: 2024/11/21 11:10 by thomasn
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki