Skip to main content
To homepage To homepage

Single Sign-On Azure AD in Orchestration, Data Quality and Data Enrichment

Christian Hauggaard
Community Manager
Forum|alt.badge.img+5

This article will walk through how to set up single sign-on using Azure AD and how the authentication flow changes along with that setup.

Note: In order to use Entra ID groups in TimeXtender Orchestration & Data Quality the token sent by the App Registration needs to be configured to include the groups the user belongs to. This is done by opening Manage -> Token configuration under the appropriate App Registration and setting a groups claim for ID, Access and SAML to send Group ID, and select "Emit groups as role claims". It is also necessary to make sure the group types included in the tokens are Security groups, this is also done under the Groups Claim in Manage -> Token configuration

Setup an application in Azure AD

The first step in order to enable single sign-on using Azure AD is to set up an application in your company Azure AD. These are the steps that are required to set up an application:

  1. Navigate to https://portal.azure.com and sign in with your credentials
  2. Press the View button to manage your Azure Active Directory
  3. In the left navigation pane press App registrations
  4. Next in the top navigation pane click New registration
  5. Fill in the new application information as seen below and press the Register button
  6. Next click Add an Application ID URI
  7. Click the Overview button in the left navigation pane and then click the Redirect URIs link to register configurations for the desktop application
  8. Click the API Permission tab on the left navigation pane
  9. Select the User
  10. Read line and click Grant admin consent for X
  11. If you plan to use Azure Active Directory Groups you need to add Group.Read.All Delegated permission as well

 

Setup in TimeXtender

Start by navigating to the overview for the application just created in Azure AD.

Send an email to support (support@timextender.com) listing the following configuration information:

Azure Active Directory configuration

  • Application ID: {your-application-id-uri}
  • Tenant ID: {your-tenant-id}
  • Federation metadata document:{your-federation-metadata-document}

Authentication flow

After the configuration has been set up and the application registered the flow in both the desktop application and web client will be slightly different.

Web client

Navigate to https://login.exmon.com and enter your email

If you have set up single sign-on using Azure AD, you will be redirected to your companies login site and it will probably look something like this:

Desktop application

Open up the desktop application. We are using TimeXtender Master Data Management as a demonstration in this example, but the same principle applies to TimeXtender Orchestration & Data Quality as well.

 

Did this topic help you find an answer to your question?

2 replies

Paul McLeod Bespoke Analytics
TimeXtender Xpert
Forum|alt.badge.img+2

Is it possible to set this up for TimeXtender V21 as well? If so, do you have instructions specific to TimeXtender? (i.e. what is the login url).

rory.smith
A
E
3 people like this
  • rory.smith
    rory.smith
  • A
    a.chikhi
  • E
    EelcoH
Christian Hauggaard
Community Manager
Forum|alt.badge.img+5

Hi @Paul McLeod Bespoke Analytics, this is not currently supported in TimeXtender Data Integration. Please see the below product idea

https://support.timextender.com/ideas/single-sign-on-setup-for-timextender-2194

 

Reply


Most helpful members this week

Terms and ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings