How to Set up Azure Active Directory to perform authentication
using Single Sign-On
This section explains how to perform Single Sign-On (SSO) for users in the
Azure Active Directory with Syncfusion Dashboard Server and Dashboard
Designer.
NOTE
This configuration has been done using the Azure Portal.
Steps to set up Azure Active Directory
Prerequisites
An Azure account with Active Directory support.
Install Syncfusion Dashboard Server and log on with an administrator account.
Setup Azure Active Directory application
Log on to the Azure portal to create an Azure Active Directory.
1. Click Create a resource and search for Azure Active Directory as follows.
2. Click Create in the following screenshot.
3. In the dialog box, enter the Name, Domain Name, and choose the Country or
Region, and then click Create.
The application will be added to the directory and you can view the details of the
application in the App registrations.
In this directory, you should add three applications. One application acts as a Web
API Server (Dashboard Server), and the other two applications act as native client
applications (Dashboard Designer and Syncfusion Dashboards mobile app).
4. Open the created directory, click Azure Active Directory, and then
select App registrations.
5. Now, click New application registration to add a new application.
6. Enter the name of the application and choose Web app/API as Application type and
enter the sign-on URL.
7. To view all registered applications, click Azure Active Directory and select App
registrations, and then choose All apps.
8. Choose the registered application and click Settings.
9. Select Properties and enter the App Id URI and Home page URL.
10. Click Save as highlighted in the above screenshot.
NOTE
The sign-on URL, App ID URI, and Home page URL should be the URL of the
Syncfusion Dashboard Server application.
Now, you can add the Microsoft Graph application to your application to import the
users and groups into the Syncfusion Dashboard Server.
11. Go to the application, click Settings, and select Required permissions. Then
click Add and click Select an API.
12. Select Microsoft Graph from the list and click Select.
13. Enable the following permissions for the Dashboard Server application:
o Microsoft Graph Application and Delegated Permissions
   Application Permissions
      Read directory data
   Delegated Permissions
      1. Read directory data
      2. Read all groups
      3. Sign in and read user profile
      4. Access directory as the signed in user
o Windows Azure Active Directory Application and Delegated Permission
   Application Permissions
      Read directory data
   Delegated Permissions
      1. Read directory data
      2. Sign in and read user profile
14. After adding the permissions, click Grant Permission in the Required
permissions section of the application page and select Yes as below.
Configure Azure Active Directory to perform Single Sign-On in Dashboard
Designer application
1. Open the created directory and click Azure Active Directory. Then,
select App registrations and click New application registration to add a new
application.
2. Enter the name of the client application and choose the Application type
as Native and enter the Redirect URI.
3. Click Create. The client application will be added to the directory and you can view
the details of the application in the App registrations.
NOTE
Redirect URI should be the URL of the Syncfusion Dashboard Server application.
4. To view all registered applications, click Azure Active Directory and select App
registrations, and then choose All apps.
Now, you can add the Dashboard Server application to the client application to enable
Single Sign-On in the native client application.
5. Choose the registered application and click Settings.
6. Go to the application, click Settings, and select Required permissions. Then click Add,
and then choose Select an API.
7. Select the Dashboard Server from the list and click Select.
8. Select the delegated permission for accessing the Dashboard Server and save it.
Configure Azure Active Directory to perform Single Sign-On in Syncfusion
Dashboard Mobile application
1. Open the created directory and click Azure Active Directory. Select App
registrations and click New application registration to add a new application.
2. Enter the name of the client application and choose the Application type as Native,
and then enter the Redirect URI.
3. Click Create. The client application will be added to the directory and you can view
the details of the application in the App registrations.
NOTE
Redirect URI should be the URL of the Syncfusion Dashboard Server application.
4. To view all registered applications, click the Azure Active Directory and select App
registrations, and then choose All apps.
Now, you can add the Dashboard Server application to the client application to enable
Single Sign-On in the native client application.
5. Choose the registered application and click the Settings.
6. Go to application, click the Settings, and select Required permissions. Then
click Add, and then choose Select an API.
7. Select the Dashboard Server from the list and click Select.
8. Select the delegated permission for accessing the Dashboard Server and save it.
Setup Azure Active Directory users and groups
By default, a root user sourced from the Microsoft account is added to the directory. You
can add users to this directory and later import them into the Syncfusion Dashboard
Server to perform Single Sign-On.
Setup Syncfusion Dashboard Server to perform Single Sign-On
Configure the settings in Syncfusion Dashboard Server to perform Single Sign-On.
1. When you are in the same Azure Active Directory application (Dashboard Server)
page, go to App registrations and click Endpoints at the top. A pop-up appears
as follows.
2. Start Syncfusion Dashboard Server and log on with an administrator account. Click
the Settings icon in the bottom-left corner and select the SSO settings.
3. Configure the following fields in the Syncfusion Dashboard Server to perform Single
Sign-On with Dashboard Server.
o Metadata URI: Copy the text in the first textbox named FEDERATION
METADATA DOCUMENT and paste it.
o Relying Party ID: The default site URL is already defined in this field. Copy
this URL and go to configure menu of the server application created in the
Azure. Paste the URL in Sign-on URL, App ID URI, and Reply URL and save the
application.
4. Configure the following fields in the Syncfusion Dashboard Server to perform Single
Sign-On with Dashboard Designer.
o Authority: From the Azure application, click View endpoints. A pop-up will
be displayed. Copy the text in the second textbox named WS-Federation
Sign-On Endpoint and paste it.
o Tenant Name: Go to the created Azure Active Directory and copy the domain
name by clicking it as shown in the following image.
o Designer client ID: Go to the registered application and click the Settings.
Then, copy the Application Id and paste it.
o Mobile App Client Id: The client ID of the Syncfusion Dashboards client
application created in the Azure Active Directory.
5. Now, click Save. After the values are saved, the application is restarted to apply
the settings.
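A consistency check for the values entered in steps 3 and 4 above, as an added example (not Syncfusion or Microsoft code): it reads the WS-Federation passive endpoint from a federation metadata document, compares it with the Authority value, and checks that the app registration URLs equal the Relying Party ID. The function name, the constructed metadata sample, the placeholder tenant ID and dashboards.example.com are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
LOGIN = f"https://login.microsoftonline.com/{TENANT}"
METADATA_URI = LOGIN + "/federationmetadata/2007-06/federationmetadata.xml"
AUTHORITY = LOGIN + "/wsfed"

# Constructed sample, trimmed to the elements the check reads (key data omitted).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    entityID="https://sts.windows.net/{TENANT}/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing"/>
    <fed:PassiveRequestorEndpoint><wsa:EndpointReference>
      <wsa:Address>{AUTHORITY}</wsa:Address>
    </wsa:EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def check_sso_settings(metadata_xml, metadata_uri, authority, relying_party_id, app_urls):
    """Return a list of findings; an empty list means the values agree."""
    findings = []
    root = ET.fromstring(metadata_xml)
    addr = root.find(".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    endpoint = (addr.text or "").strip() if addr is not None else ""
    if not endpoint:
        findings.append("metadata has no WS-Federation passive endpoint")
    elif endpoint != authority.strip():
        findings.append("Authority differs from the WS-Federation endpoint in the metadata")
    if root.find(".//md:KeyDescriptor[@use='signing']", NS) is None:
        findings.append("metadata lists no signing key")
    for name, url in (("Metadata URI", metadata_uri), ("Authority", authority),
                      ("Relying Party ID", relying_party_id)):
        if urlsplit(url).scheme != "https":
            findings.append(f"{name} is not an https URL")
    for name, url in app_urls.items():  # Sign-on URL, App ID URI, Reply URL
        if url != relying_party_id:
            findings.append(f"{name} does not match the Relying Party ID")
    return findings

if __name__ == "__main__":
    rp = "https://dashboards.example.com/"  # hypothetical Dashboard Server URL
    print(check_sso_settings(SAMPLE_METADATA, METADATA_URI, AUTHORITY, rp, {"Reply URL": rp[:-1]}))
```

The URL comparison is an exact string match, so a missing trailing slash or a different scheme in the Reply URL is reported as a mismatch.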
Setup Syncfusion Dashboard Server to import Azure Active Directory users and
groups
1. Go to the Active Directory Settings page in the Syncfusion Dashboard Server and
click the Azure Active Directory tab.
2. Configure the following fields in the Syncfusion Dashboard Server to import Azure
users and groups.
o Tenant Name: Go to the created Azure Active Directory and copy the domain
name by clicking it as follows.
o Client ID: Go to the registered application and click the Settings, and then
copy the Application Id and paste it.
o Client secret code: Go to the Settings and click Keys, and then enter
the Description and choose the Duration under Passwords.
3. Click Save. The client secret will be generated; copy it and paste it into the
text box.
4. Now, test the connection. If the connection is valid, the success message is
displayed. Save the settings.
The Azure user can be imported into the Syncfusion Dashboard Server. Refer to the
following link to Import Azure Active Directory Users and Import Azure Active Directory
Groups.
Login with Azure ADFS
After the Single Sign-On settings are saved and the Azure users are imported to the
Syncfusion Dashboard Server, you can log out from the application. Now, the login page
provides an additional button named Microsoft ADFS, which opens the external
authentication provider login window, as follows.
After signing in with the Azure username and password, you can log on to the Syncfusion
Dashboard Server.
NOTE
To log on to the Syncfusion Dashboard Server with Azure ADFS, the particular user
should be imported to the application. If the user is