
Microsoft Entra ID Authentication Integration

Edition: SaaS Enterprise

Guide objective:
Follow this guide to configure Microsoft Entra ID (formerly Azure Active Directory) authentication for Agile Data Engine.

Prerequisites

To enable Microsoft Entra ID authentication for Agile Data Engine, you will need:

  • Agile Data Engine SaaS Enterprise edition (or higher)

  • One of the following roles on your Microsoft Entra ID tenant to add and configure an enterprise application:

    • Global Administrator

    • Cloud Application Administrator

    • Application Administrator

At the moment it is not possible to fully complete setting up the integration without contacting Agile Data Engine support. Follow this guide to create and configure an enterprise application in your Microsoft Entra ID tenant. After completing the configuration, provide the instructed details to Agile Data Engine support.

Create an enterprise application

  1. Navigate to Azure Portal and to your Microsoft Entra ID tenant.

  2. In Enterprise applications click New application and select Create your own application.

  3. Name your application (e.g. Agile Data Engine), select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.

Configure redirect URLs

  1. Navigate back to your Microsoft Entra ID tenant and click App registrations.

  2. Find the application you created, open it and click Authentication.

  3. Click Add a platform, select Web and set Redirect URIs for all environments in the following format:

https://external.{ENVIRONMENT}.datahub.{TENANT}.saas.agiledataengine.com/authenticator/realms/ade/broker/{AD}/endpoint

Where:

  • Replace {AD} with e.g. your company name (example: CompanyAD). This name guides end users to log in to the correct AD. Limitations in {AD} naming:

    • No space allowed in the name

    • Name is case sensitive

  • Replace {TENANT} with ADE tenant name (example: s1234567). Tenant name is part of the ADE URL.

  • Replace {ENVIRONMENT} with ADE environment name. Environment names are listed in the Designer front page under Environments.

Example:

https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint
https://external.dev.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint
https://external.test.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint
https://external.prod.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint

  4. Set Front-channel logout URL in the following format:

https://external.design.datahub.{TENANT}.saas.agiledataengine.com/authenticator/realms/ade/protocol/openid-connect/logout

For example:

https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/protocol/openid-connect/logout
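The following check is an added example, not part of the original guide or of Agile Data Engine: it builds the redirect URIs and logout URL in the format above and audits the URIs registered on the application (the `web.redirectUris` list of the app registration) for missing environments and for entries that do not match exactly. The function names and the `REGISTERED` sample are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BASE = "https://external.{env}.datahub.{tenant}.saas.agiledataengine.com/authenticator/realms/ade"

def expected_uris(tenant, environments, ad_alias):
    """Redirect URIs per environment, in the format this guide specifies."""
    if not ad_alias or re.search(r"\s", ad_alias):
        raise ValueError("{AD} must be non-empty and must not contain spaces")
    return {env: BASE.format(env=env, tenant=tenant) + f"/broker/{ad_alias}/endpoint"
            for env in environments}

def logout_url(tenant):
    """Front-channel logout URL; the guide's format uses the design environment."""
    return BASE.format(env="design", tenant=tenant) + "/protocol/openid-connect/logout"

def _key(uri):
    # Scheme and host are case-insensitive (RFC 3986); the path, which carries
    # {AD}, is compared exactly because the guide says the name is case sensitive.
    p = urlsplit(uri.strip())
    return (p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment)

def audit(registered, tenant, environments, ad_alias):
    """Compare registered redirect URIs with the expected set."""
    wanted = {_key(u): env
              for env, u in expected_uris(tenant, environments, ad_alias).items()}
    seen, unexpected = set(), []
    for uri in registered:
        env = wanted.get(_key(uri))
        if env is None:
            unexpected.append(uri)  # stale, mistyped or otherwise unneeded entry
        else:
            seen.add(env)
    return {"missing": [e for e in environments if e not in seen],
            "unexpected": unexpected}

# Constructed sample of what an app registration might contain.
PREFIX = "https://external.{}.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/"
REGISTERED = [
    PREFIX.format("design") + "CompanyAD/endpoint",
    "https://External.DEV.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint",
    PREFIX.format("test") + "companyad/endpoint",   # wrong case in {AD}
    PREFIX.format("prod") + "CompanyAD/endpoint",
    PREFIX.format("prod") + "CompanyAD/endpoint/",  # stray trailing slash
]

if __name__ == "__main__":
    print(audit(REGISTERED, "s1234567", ["design", "dev", "test", "prod"], "CompanyAD"))
```

Entries reported as unexpected are worth removing from the app registration, since every registered redirect URI is a location the tenant will send authorization responses to.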

Create an application client secret

  1. In Certificates & secrets click New client secret.

  2. Set an appropriate expiry time and click Add. Store the secret value securely and prepare to share it with Agile Data Engine support.

  3. Take note of the expiry date and always plan ahead to update the secret in time.
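One way to keep track of the expiry date, as an added example that is not part of the original guide: the script reads the `passwordCredentials` array of the application object (as returned by Microsoft Graph) and sorts each secret into expired, expiring within a warning window, or ok. The 30-day window, the function names and the sample JSON are assumptions; because a new secret has to be shared with Agile Data Engine support, choose a window that covers that lead time.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials array of a Microsoft
# Graph application object; key IDs, display names and dates are made up.
SAMPLE_APP_JSON = """
{"passwordCredentials": [
  {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "ade-2023",
   "endDateTime": "2024-03-01T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "ade-2024",
   "endDateTime": "2024-07-15T00:00:00.0000000Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "ade-2025",
   "endDateTime": "2025-06-01T00:00:00Z"}
]}
"""

def _parse_utc(ts):
    # Drop fractional seconds and map "Z" to an offset so that
    # datetime.fromisoformat accepts the value on older Python versions too.
    ts = re.sub(r"\.\d+", "", ts).replace("Z", "+00:00")
    return datetime.fromisoformat(ts).astimezone(timezone.utc)

def classify_secrets(app, now, warn_days=30):
    """Return {'expired': [...], 'expiring': [...], 'ok': [...]} of (name, days_left)."""
    report = {"expired": [], "expiring": [], "ok": []}
    for cred in app.get("passwordCredentials", []):
        end = _parse_utc(cred["endDateTime"])
        name = cred.get("displayName") or cred["keyId"]
        if end <= now:
            bucket = "expired"
        elif end - now <= timedelta(days=warn_days):
            bucket = "expiring"
        else:
            bucket = "ok"
        report[bucket].append((name, (end - now).days))
    return report

def needs_rotation(report):
    # Assumption: a new secret is due when no secret outlives the warning window.
    return not report["ok"]

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(classify_secrets(json.loads(SAMPLE_APP_JSON), now))
```

The application object does not record which secret was shared with support, so expired entries are listed for cleanup rather than treated as an outage.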

Token configuration

  1. In Token configuration click Add optional claim, select token type ID, select claim upn, click Add.

  2. Check the box Turn on the Microsoft Graph profile permission in the dialog and click Add.

Share details with Agile Data Engine support

Share the following details securely with Agile Data Engine support:

  1. Application (client) ID

  2. OAuth 2.0 token endpoint (v1)

  3. OAuth 2.0 authorization endpoint (v1)

  4. Client secret

  5. Configured redirect URIs

    For example:

    https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint
    https://external.dev.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint
    https://external.test.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/CompanyAD/endpoint
    https://external.prod.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/

You will find these details on the Overview and Endpoints tabs.

Client secret values are only shown immediately after creation. If you did not store the secret, you can always create another one.

After the support team has configured your account for Microsoft Entra ID authentication, users can access Agile Data Engine with their Microsoft Entra ID accounts.

Add users

  1. Navigate to Enterprise applications in your Microsoft Entra ID tenant and select the application you created for Agile Data Engine.

  2. Open the Users and groups tab.

  3. Click Add user/group to add individual users and/or security groups to the application.

Log in with Microsoft Entra ID

  1. After the configuration is complete, navigate to your Agile Data Engine account and select Continue with CompanyAD.

  2. Log in with your Microsoft Entra ID account.
