Applies only to Traditional Web Apps
OutSystems

Configure Azure AD Authentication

The configuration of the Azure AD authentication method is quite similar to the SAML 2.0 one, but in this case the "Claims" settings are already filled in with Azure AD default values.

Additionally, the configuration settings for Azure AD authentication can be filled in by uploading/downloading files with metadata, which helps avoid human errors.

The limitations of the current SAML 2.0 implementation also apply to the Azure AD authentication method. Be sure to check them when using Azure AD end-user authentication.

To set up Azure AD authentication for end-users, do the following:

  1. Sign in to the Azure Active Directory portal and create your own application.

  2. Search for the OutSystems Azure AD application on Azure AD marketplace and select it.

  3. Select the SAML single sign-on method.

  4. In the Users application, click "Configure Authentication" in the sidebar, choose Azure AD in Authentication and fill in the Service Provider Connector Settings accordingly, or keep the default values.

  5. Download the Service Provider metadata file by clicking Download SP Metadata XML.

  6. In the Azure Active Directory portal, upload the metadata file downloaded in the previous step by clicking Upload metadata file.

  7. Edit the Basic SAML configuration by clicking the pencil icon and fill in the Logout URL field with the following URL:
    https://<your_server_name>/Users/SLO.aspx

  8. Download the Federation Metadata XML in the Azure Active Directory portal by clicking the corresponding "Download" link.

  9. In the Users application, upload the XML file you downloaded in the previous step by clicking Upload from IdP/Federation Metadata XML.

  10. In the Azure Active Directory portal, click Test in step 5 to test your configuration.

  11. Click Sign in as current user.

  12. After entering your credentials, if the authentication is successful you will be redirected to the Users application and you will get an error stating that you don't have permissions to view the screen.

    This happens because this user doesn't have any roles yet. You will need to configure user roles after the user logs in for the first time using Azure AD authentication, so that the user already exists in the OutSystems database.

    If the authentication is unsuccessful, double-check your configuration settings.

  13. Follow the instructions provided for the SAML 2.0 authentication method to change the Logout flow of your OutSystems applications.
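
A sanity check you can run on the Federation Metadata XML from step 8 before uploading it in step 9. This is an added example, not OutSystems or Microsoft code. The checks chosen (signing certificate present, HTTPS-only sign-on and logout endpoints, optional entity ID match), the function name and the sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample metadata (placeholder host, entity ID and certificate).
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example/tenant-placeholder/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleLogoutService Location="https://idp.example/saml2"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  <SingleSignOnService Location="https://idp.example/saml2"
      Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(xml_text, expected_entity_id=None):
    """Return a list of problems found in IdP metadata (empty list = OK)."""
    # SAML metadata never needs a DTD; refuse it before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD/entity declarations are not expected in SAML metadata"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    entity_id, problems = root.get("entityID"), []
    if not entity_id:
        problems.append("missing entityID")
    elif expected_entity_id and entity_id != expected_entity_id:
        problems.append(f"unexpected entityID: {entity_id}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor (is this the SP metadata file?)"]
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/"
                        "ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no signing certificate")
    # Endpoints the browser is redirected to must use https.
    for kind in ("SingleSignOnService", "SingleLogoutService"):
        locations = [ep.get("Location", "") for ep in idp.findall(f"md:{kind}", NS)]
        if not locations:
            problems.append(f"no {kind} endpoint")
        problems += [f"{kind} Location is not https: {loc}"
                     for loc in locations if urlsplit(loc).scheme != "https"]
    return problems
```

Call `check_idp_metadata()` with the text of the downloaded file; an empty list means the file passed these checks, and catching the case where the SP metadata file from step 5 is uploaded by mistake is one of them.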

Troubleshooting Azure AD authentication issues

Since the Azure AD end-user authentication method is very similar to the SAML 2.0 one, you can troubleshoot them in the same way:
