Show/Hide Toolbars

Inventu Viewer+ Azure AD Configuration

Navigation: » No topics above this level «

Configuring Azure Active Directory for a New Inventu Viewer+ Server

Scroll Prev Top Next More

This page will guide you through the process of configuring a new Azure AD application that integrates with your Viewer+ FVTerm web application so that Azure AD becomes the security system for users accessing FVTerm.

 

Requirements

 

1.You must have a Azure AD Signin that has administrative rights to your Azure AD configuration.  

2.Your Viewer+ server must have a DNS name configured in your network--you can start with a server that is not fully accessible on the internet, but will eventually need a full DNS name for the Viewer+ server to configure in the Azure AD management pages.

3.Your IIS server must have an active SSL/TLS certificate.  If you do not have a trusted certificate from an issuing authority, you can use the IIS server node's "Server Certificates" page and use the "Create Self-Signed Certificate" action.

4.Your IIS web site for FVTerm must have the https binding activated if you want to test anywhere but the localhost URL--this is in the site's "Bindings" configuration dialog--add https if it is missing.

 

         NOTE-PLEASE CONFIGURE HTTPS (step 4 above) BEFORE ATTEMPTING non-Localhost AZ-AD SIGNONS!

 

Sign-In to Azure Management Page

 

Open Azure Management in order to access the Azure AD --

 

https://portal.azure.com

 


This will open your Azure management as of October, 2021, you first click on the Azure Active Directory Icon-- you may need to click on "more services" to see the Azure Active Directory icon...
 
clip0030

 

 

Then select App Registrations in the next "blade":

 
  clip0002

 

 


This will display the applications for your organization in the next page (if any) -- Click on Register an application

clip0007:

 

You might also see a list of applications with no "Register and application" button--in this case, click on "New Registration":

 

clip0031


Add a new Application-- use an appropriate name for the servers that will be supporting this application.

 

Next, enter the signon from requirements # 2 (above) that your users will utilize to access the FVTerm application--if you are testing, enter the test server URL as you will be accessing it.  

 

Remember that it must be HTTPS, unless you see "http://localhost" as a testing option.  

 

For the Redirect URI use just the "FVTerm" for the URL portion, not the full web page url.  Once you've entered click on Register...

 

 clip0005


The application is now created in Azure AD--now you need to create/capture two key text strings that will be used when configuring FVTerm.

 

First, click on the Add an Application ID URI

clip0032

 

Then, "Set" the Application URI to display a unique string:
 
clip0033

This will display a new, opaque string that could be your custom application API--but our experience has shown that it is more reliable to create your own using the domain for your organization, for example:

 

https://inventu.onmicrosoft.com/FVTermAccess (but use your Azure AD Domain!)

 

This URL does not need to point to any real server or web address, but by having your Azure AD Domain in it, it has proven more reliable than the "api:{generated guid}" which sometimes results in errors as users sign in.

 

Copy this Application ID URI to the clipboard and paste to a work text document or other location for later use.

 

Click on the Header or backbutton to return to the "Essentials"

 


The next step is to obtain the finger prints (also called thumb prints) for the active Certificates used to encrypt and validate the sign-on with Azure AD.  This requires you to view the endpoint document for the new application just created and copy the certificate to the clipboard.  First step is to grab the URL to access the endpoints XML document...

 

Click on Overview in the left navigation blade...

 

Click on Endpoints to access the key URL's about your company, application and so on:

 

clip0034


This will display the endpoint URL's -- you are interested in the FEDERATION METADATA DOCUMENT url--copy the URL to the clipboard and/or your scratchpad text document:

 

clip0035

 

Here is an example scratch text file for using the configuration information with the Inventu Viewer configuration page

clip0036

 


 Next Step: Configuring Inventu Viewer+ FVTerm for Azure AD