Microsoft Entra ID Authentication Integration with Multi-Tenant User Management

Edition: SaaS Enterprise

Guide objective:
Follow this guide to configure Microsoft Entra ID (formerly Azure Active Directory) authentication for Agile Data Engine services.

Migration to multi-tenant user management:

If you are migrating to multi-tenant user management:

  • Follow this guide to configure an enterprise application in your Entra ID. Configure a new enterprise application even if you are currently using Entra ID to access ADE.

  • Create a ticket for the configuration in the Support Portal and agree on a changeover date and time.

  • Provide a list of users who will get access to ADE. A user with the TENANT_ADMIN role can also configure access in the Admin UI if it has been enabled for your tenant.

  • Clean up the old configuration in your Entra ID after the new setup has been successfully taken into use.

Prerequisites

To enable authentication with your Microsoft Entra ID tenant to Agile Data Engine multi-tenant user management, you will need:

  • Agile Data Engine SaaS Enterprise edition (or higher)

  • One of the following roles on your Microsoft Entra ID tenant to add and configure an enterprise application:

    • Global Administrator

    • Cloud Application Administrator

    • Application Administrator

At the moment it is not possible to fully complete setting up the integration without contacting Agile Data Engine support. Follow this guide to create and configure an enterprise application in your Microsoft Entra ID tenant. After completing the configuration, provide the instructed details to Agile Data Engine support.

Create an enterprise application

You need to register an application in your Entra ID. More detailed information is available in Microsoft documentation.

Basic setup can be done with the following steps:

  1. Navigate to Azure Portal and to your Microsoft Entra ID tenant.

  2. In Enterprise applications click New application and select Create your own application.

  3. Name your application (e.g. Agile Data Engine), select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.

Configure redirect URIs

  1. Navigate back to your Microsoft Entra ID tenant and click App registrations.

  2. Find the application you created, open it and select Manage, then Authentication.

  3. Click Add a platform, select Web and set Redirect URIs:

URL
https://login.saas.agiledataengine.com/f5f5602f-c1c7-4d38-a01c-3f269046841a/oauth2/authresp

Create an application client secret

  1. In Certificates & secrets click New client secret.

  2. Set an appropriate expiry time and click Add. Store the secret value securely and prepare to share it with Agile Data Engine support.

  3. Take note of the expiry date and always plan ahead to update the secret in time.

Token configuration

  1. In Token configuration click Add optional claim, select token type ID, select claim upn, click Add.

  2. Check the box Turn on the Microsoft Graph profile permission in the dialog and click Add.
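Before sharing details with support, the three settings above can be checked against the app registration object. The following is an added example, not part of the original guide or of Agile Data Engine tooling: it inspects an application object in the shape Microsoft Graph returns (`web.redirectUris`, `optionalClaims.idToken`, `passwordCredentials`). The sample object, the 30-day warning window, and the assumption that the registration is dedicated to ADE (so any extra redirect URI is flagged) are constructed for illustration.

```python
from datetime import datetime, timezone

# Redirect URI from this guide's "Configure redirect URIs" step.
EXPECTED_REDIRECT = ("https://login.saas.agiledataengine.com/"
                     "f5f5602f-c1c7-4d38-a01c-3f269046841a/oauth2/authresp")


def _parse_ts(value):
    # Graph timestamps are UTC ISO 8601; drop fractional seconds and the "Z".
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(
        tzinfo=timezone.utc)


def check_app_registration(app, now, warn_days=30):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []

    uris = app.get("web", {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("redirect URI from the guide is missing")
    for uri in uris:
        # Assumption: the app is used only for ADE, so extras are unexpected.
        if uri != EXPECTED_REDIRECT:
            findings.append(f"unexpected redirect URI: {uri}")

    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    if not any(c.get("name") == "upn" for c in id_claims):
        findings.append("optional claim 'upn' not set on ID token")

    secrets = app.get("passwordCredentials") or []
    valid = [s for s in secrets if _parse_ts(s["endDateTime"]) > now]
    if not valid:
        findings.append("no unexpired client secret")
    for s in valid:
        left = (_parse_ts(s["endDateTime"]) - now).days
        if left <= warn_days:
            findings.append(f"secret {s.get('keyId')} expires in {left} days")
    return findings


# Constructed sample object (not a real tenant); keyId is a placeholder.
SAMPLE_APP = {
    "web": {"redirectUris": [EXPECTED_REDIRECT, "http://localhost:8080/cb"]},
    "optionalClaims": {"idToken": []},
    "passwordCredentials": [
        {"keyId": "placeholder-key-id", "endDateTime": "2025-01-10T00:00:00Z"}
    ],
}

if __name__ == "__main__":
    for finding in check_app_registration(
            SAMPLE_APP, datetime(2025, 1, 1, tzinfo=timezone.utc)):
        print("FINDING:", finding)
```

Running the same check on a schedule after handover also covers the reminder to renew the client secret before its expiry date.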

Share details with Agile Data Engine support

Share the following details securely with Agile Data Engine support:

  1. Application (client) ID

  2. OpenID Connect metadata document

  3. Client secret

  4. Email address domain for which all login requests are directed to this Entra ID integration (e.g. the company.com part of firstname.lastname@company.com)

You will find these details in the Overview and Endpoints tabs:

[Screenshot: application Overview and Endpoints tabs]

Client secret values are only shown immediately after creation. If you did not store the secret, you can always create another one.

After the support team has configured your account for Microsoft Entra ID authentication, users can access Agile Data Engine with their Microsoft Entra ID accounts.

(Optional) Restrict user access from Entra ID

This is not required because user access is already handled on the ADE user management side. Optionally, you can add an additional layer of security by also restricting user access on the Entra ID side, following the Microsoft Entra ID documentation.

Add users to ADE

  1. Navigate to the user section of Admin UI and open the Users section.

  2. Click +Create user to add a new user.

  3. Select roles for the users when creating the user or add them afterwards. The user needs to have some role related to the service the user is trying to access.

Note that Admin UI is currently in private preview. Role assignments can also be done through the support portal while access to Admin UI is not available.

Log in with Microsoft Entra ID

  1. After the configuration is complete, navigate to Agile Data Engine. On the login page you will see the following screen:

    [Screenshot: Agile Data Engine login page]

  2. Log in with your Microsoft Entra ID account. You will be redirected to your Entra ID login page if the domain part of your email matches the domain which has been configured for your Entra ID integration.
