Azure AD Authentication Integration

Edition: SaaS Enterprise

Guide objective:
Follow this guide to configure Azure AD authentication for Agile Data Engine.

Prerequisites

To enable authentication with your Azure Active Directory tenant to Agile Data Engine, you will need:

• Agile Data Engine SaaS Enterprise edition (or higher)

• One of the following roles on your AAD tenant to add and configure an enterprise application:

  • Global Administrator

  • Cloud Application Administrator

  • Application Administrator

At the moment it is not possible to fully complete setting up the integration without contacting Agile Data Engine support. Follow this guide to create and configure an enterprise application in your AAD tenant. After completing the configuration, provide the instructed details to Agile Data Engine support.

Create an enterprise application

1. Navigate to Azure Portal and to your Azure Active Directory tenant.

2. In Enterprise applications click New application and select Create your own application.

3. Name your application (e.g. Agile Data Engine), select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.

Configure redirect URLs

1. Navigate back to your AAD tenant and click App registrations.

2. Find the application you created, open it and click Authentication.

3. Set Redirect URIs for all environments in the following format:

https://external.{ENVIRONMENT}.datahub.{TENANT}.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint

Tenant name is part of the URL of your Agile Data Engine account. Environment names are listed in the Designer front page under Environments.

For example:

https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
https://external.dev.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
https://external.test.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
https://external.prod.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint

4. Set Front-channel logout URL in the following format:

https://external.design.datahub.{TENANT}.saas.agiledataengine.com/authenticator/realms/ade/protocol/openid-connect/logout

For example:

https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/protocol/openid-connect/logout

Create an application client secret

1. In Certificates & secrets click New client secret.

2. Set an appropriate expiry time, click add. Store the secret value securely and prepare to share it with Agile Data Engine support.

3. Take note of the expiry date and always plan ahead to update the secret in time.

Token configuration

1. In Token configuration click Add optional claim, select token type ID, select claim upn, click Add.

2. Check box Turn on the Microsoft Graph profile permission in the dialog and click Add.

Share details with Agile Data Engine support

Share the following details securely with Agile Data Engine support:

1. Application (client) ID

2. OAuth 2.0 token endpoint (v1)

3. OAuth 2.0 authorization endpoint (v1)

4. Client secret

You will find these details from the Overview and Endpoints tabs:

Client secret values are only shown immediately after creation. If you did not store the secret, you can always create another one.

After the support team has configured your account for AAD authentication, users can access Agile Data Engine with their AAD accounts.

Add users

1. Navigate to Enterprise applications in your AAD tenant and select the application you created for Agile Data Engine.

2. Open the Users and groups tab.

3. Click Add user/group to add individual users and/or security groups to the application.

Log in with AAD

1. After the configuration is complete, navigate to your Agile Data Engine account and select Continue with ad:

   

2. Log in with your AAD account.