origam.com

Azure Active Directory Login

Origam supports single sign-on (SSO) with Azure Active Directory (AAD). This article describes how to enable sign-on in Origam. Correct setup of AAD is outside the scope of this article; the relevant information can be found here.

To enable SSO, appsettings.json has to be adjusted. The adjustment depends on whether authentication runs in single-tenant mode or in multi-tenant mode. In both cases, once set up, the login screen should contain a Sign in with Azure AD button.

Single-tenant Authentication

Add the following section to the IdentityServerConfig section:

"AzureAdLogin": {
    "ClientId": "client_id_guid",
    "TenantId": "tenant_id_guid"
}

Multi-tenant Authentication

Add the following section to the IdentityServerConfig section:

"AzureAdLogin": {
    "ClientId": "client_id_guid",
    "TenantId": "common",
    "ClaimType": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
},
"AuthenticationPostProcessor": "namespace.AuthenticationPostProcessor,assembly"

ClaimType denotes the claim that is used to identify the user in Origam. AuthenticationPostProcessor is an optional parameter that specifies an authentication post processor. By default, the internal AlwaysValidAuthenticationPostProcessor is used. In a multi-tenant environment, the post processor should be used to validate that the user/tenant matches the information in Origam. IAuthenticationPostProcessor is declared in Origam.Service.Core 1.1.0+.
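
A pre-deployment check for the settings described above, as an added example that is not part of Origam: it reads appsettings.json and reports a multi-tenant AzureAdLogin section that leaves AuthenticationPostProcessor unset, along with placeholder or malformed IDs. It assumes the file is plain JSON without comments; the function name, sample GUIDs and post processor type name are made up, and the "organizations" and "consumers" aliases go beyond the "common" value shown on this page.

```python
import json
import re

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# "common" is the value the page uses; the other two are further Microsoft
# identity platform aliases that also admit accounts from outside one tenant.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}


def audit_azure_ad_login(appsettings_text):
    """Return a list of findings for IdentityServerConfig.AzureAdLogin."""
    ids = json.loads(appsettings_text).get("IdentityServerConfig", {})
    login = ids.get("AzureAdLogin")
    if login is None:
        return ["AzureAdLogin section is missing"]
    findings = []
    if not GUID_RE.match(str(login.get("ClientId", ""))):
        findings.append("ClientId is not a GUID")
    tenant = str(login.get("TenantId", "")).strip()
    if tenant.lower() in MULTI_TENANT_ALIASES:
        # Multi-tenant mode: the page's two additional settings become relevant.
        if not login.get("ClaimType"):
            findings.append("multi-tenant: ClaimType is not set")
        if not ids.get("AuthenticationPostProcessor"):
            findings.append("multi-tenant: AuthenticationPostProcessor is not set, "
                            "so the default AlwaysValidAuthenticationPostProcessor is used")
    elif not GUID_RE.match(tenant):
        findings.append("TenantId is neither a GUID nor a multi-tenant alias")
    return findings


# Constructed sample configurations (GUIDs and type names are made up).
GUID_A = "11111111-2222-3333-4444-555555555555"
GUID_B = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
SINGLE_TENANT = json.dumps({"IdentityServerConfig": {
    "AzureAdLogin": {"ClientId": GUID_A, "TenantId": GUID_B}}})
MULTI_TENANT_DEFAULT = json.dumps({"IdentityServerConfig": {
    "AzureAdLogin": {"ClientId": GUID_A, "TenantId": "common", "ClaimType": NAME_CLAIM}}})
MULTI_TENANT_CHECKED = json.dumps({"IdentityServerConfig": {
    "AzureAdLogin": {"ClientId": GUID_A, "TenantId": "common", "ClaimType": NAME_CLAIM},
    "AuthenticationPostProcessor": "Example.TenantCheckPostProcessor,Example.Assembly"}})

if __name__ == "__main__":
    for name in ("SINGLE_TENANT", "MULTI_TENANT_DEFAULT", "MULTI_TENANT_CHECKED"):
        print(name, audit_azure_ad_login(globals()[name]))
```

An empty list means the section matches one of the two layouts shown on this page; the check does not verify that the configured post processor actually validates the tenant.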