OpenID Settings¶

Using these settings we can add OpenID configuration to allow logging into the FAIR Wizard via external identity provider.

FAIR Wizard supports Microsoft Azure as well as any other OpenID providers. Following are detailed description of the setups for both of these options.

Note

After setting a new OpenID service, we should directly test it and verify that the configuration works well. For that, we can simply open our FAIR Wizard in a new anonymous window of the web browser.

Microsoft Azure Setup¶

Go to https://portal.azure.com/.
Go to App registrations.
Click on New registration.
Fill in a name.
Select Accounts in this organizational directory only (Single tenant).
Keep Redirect URI empty.
Click on Register.
Copy and store Directory (tenant) ID and Application (client) ID.
Click on Manage in the left menu → Certificates & Secrets.
Click on New client secret.
Fill description, set Expires and note it somewhere, then click on Add.
Copy Value and store it somewhere. You will not able to view it again.
Go to OpenID in FAIR Wizard: Admin Center → Settings → Organization OpenID → Create.
Fill in a Name of the service. This name will be used to identify the service in the list of login options, so it should be something descriptive.
Open the Microsoft tab and fill in :
- Application (client) ID
- Directory (tenant) ID
- Client Secret → <stored secret value>
(optional) fill Icon (fab fa-microsoft, or some other from Font Awesome), Background Color and Text Color.
Click on Save.
Go back to Microsoft Azure.
Click on Manage in the left menu → Authentication (Preview).
Click on Add Redirect URI.
Click on Web.
Copy Redirect URI and Front-channel logout URL from FAIR Wizard.
Do not check any checkbox.
Click on Configure.
Click on Manage in the left menu → API permissions.
Click on Add a permission.
Click on Microsoft Graph → Delegated permissions.
Under OpenId permissions check email, openid and profile. Under User keep checked User.Read.
Click on Add permissions.
Click on Manage in the left menu → Token configuration.
Click on Add optional claim.
Select ID and check email, family_name and given_name.
Click on Add.
Test your OpenID configuration in FAIR Wizard (You might need to refresh the login page for the login button to appear).

../../../../_images/openid.png — Example configuration of OpenID Microsoft Azure service.¶

Custom Setup¶

Go to OpenID in FAIR Wizard: Admin Center → Settings → Organization OpenID → Create.
Fill in a Name of the service. This name will be used to identify the service in the list of login options, so it should be something descriptive.
Open the Custom tab.
Prepare the client application on the side of OpenID service:
- Obtain Client ID and Client Secret.
- Obtain OpenID endpoint URL (we may get one ending with /.well-known/openid-configuration, if so we just use the part before this suffix).
Go back to FAIR Wizard and fill in Client ID, Client Secret, and URL from our OpenID client together with optional Parameters (usually not needed).
Click on Save.
On the side of OpenID service, use Callback URL (and optionally Logout URL) to create the client.
- Configure the client to have the following claims: openid, profile, email.
- Configure the client to provide the following details in ID tokens: email, given_name, family_name.
(optional) fill Icon (some from Font Awesome), Background Color and Text Color.
Test your OpenID configuration in FAIR Wizard (You might need to refresh the login page for the login button to appear).

Automations¶

We can use the Create automation button to add some extra steps after users use this login option. There are two tabs. Configuration, where we can set up automation using the Integration SDK and Logs where we can see logs of the automation. The automation can have its name changed and it can be enabled or disabled. See details in Automations.

Note

There can be only one automation per login configuration. However, multiple actions can be set up within a single automation script.