How to Set up Azure Active Directory to perform authentication using Single Sign-On

This section explains on how to perform Single Sign-On for users in Azure Active Directory with Syncfusion Report Server and Report Designer.

NOTE

This configuration has been done using the Azure Portal

Steps to set up Azure Active Directory

Prerequisites

• An Azure account with Active Directory support
• Install Syncfusion Report Server and Login with Administrator account

Setup Azure Active Directory application

Log on to the Azure portal to create an Azure Active Directory.

1. Click Create a resource and search Azure Active Directory as follows.
   

2. Click Create in the following screenshot.
   

3. In the dialog box, enter the Name, Domain Name, and choose the Country or Region, and then click Create.
   

The application will be added to the directory and you can view the details of the application in the App registrations.

In this directory, you should add two applications. An application acts as a Web API Server (Report Server), and the other application act as native client application (Report Designer).

1. Enter into the created directory and click Azure Active Directory, and then select App registrations.

2. Now, click New application registration to add a new application.
   

3. Enter the name of the application and choose Web app/API as Application type and enter the sign-on URL.
   

4. To view all registered applications, click Azure Active Directory and select App registrations, and then choose All apps.
   

5. Choose the registered application and click Settings.
   

6. Select Properties and enter the App Id URI and Home page URL.
   

7. Click Save as highlighted in the above screenshot.

NOTE

The sign-on URL, App ID URI, and Home page URL should be the URL of the Syncfusion Report Server application.

Now, you can add Microsoft Graph application to your application to import the users and groups into the Syncfusion Report Server.

1. Go to application, click Settings, and select the Required permissions. Then click Add and click Select an API.
   

2. Select Microsoft Graph from the list and click Select.
   
   

3. Enable following permissions for Report Server application

   • Microsoft Graph Application and Delegated Permissions

   Application Permissions
   Read directory data
   Delegated Permissions
   1. Read directory data
   2. Read all groups
   3. Sign in and read user profile
   4. Access directory as the signed in user

   • Windows Azure Active Directory Application and Delegated Permission

   Application Permissions
   Read directory data
   Delegated Permissions
   1. Read directory data
   2. Sign in and read user profile

4. After adding the permission, click the Grant Permission from the Required permissions section of the application page and select yes as below.
   

Configure Azure Active Directory to perform Single Sign-On in Report Designer application

1. Enter into the created directory and click the Azure Active Directory. Then, select App registrations and click the New application registration to add a new application.
   

2. Enter the name of the client application and choose the Application type as Native and enter the Redirect URI.
   

3. Click Create. The client application will be added to the directory and you can view the details of the application in the App registrations.

NOTE

Redirect URI should be the URL of the Syncfusion Report Server application.

1. To view all registered applications, click the Azure Active Directory and select App registrations, and then choose All apps.
   

   Now, you can add Report Server application to the client application to enable Single Sign-On in native client application.

2. Choose the registered application and click the Settings.
   

3. Go to application, click Settings, and select Required permissions. Then click Add, and then choose Select an API.
   

4. Select the Report Server from the list and click Select.
   

5. Select the delegated permission for accessing Report Server and save it.
   

Setup Azure Active Directory users and groups

By default, a root user sourced from the Microsoft account is added to the directory. You can add users to this directory and later it will be imported to the Syncfusion Report Server to perform the Single Sign-On.

Setup Syncfusion Report Server to perform Single Sign-On

Configure the settings in Syncfusion Report Server to perform Single Sign-On.

1. When you are in the same Azure Active Directory application (Report Server) page, go to App registrations, and click Endpoints at the top, and a pop-up will be appeared as follows.
   
   

2. Start Syncfusion Report Server and log on with administrator account. Click the Settings icon in the bottom-left corner and select the SSO settings.
   

3. Configure the following fields in the Syncfusion Report Server to perform Single Sign-On with Report Server.

   • Metadata URI: Copy the text in the first textbox named FEDERATION METADATA DOCUMENT and paste it.

   • Relying Party ID: The default site URL is already defined in this field. Copy this URL and go to configure menu of the server application created in the Azure. Paste the URL in Sign-on URL, App ID URI, and Reply URL and save the application.

4. Configure the following fields in the Syncfusion Report Server to perform Single Sign-On with Report Designer.

   • Authority: From the Azure application, click the view endpoints. A pop-up will be displayed. Copy the text in the second textbox named WS-Federation Sign-On Endpoint and paste it.

   • Tenant Name: Go to the created Azure Active Directory and copy the domain name by clicking it as shown in the following image.
     

   • Designer client ID: Go to the registered application and click the Settings. Then, copy the Application Id and paste it.
     

5. Now, click save. After the values are saved, the application is Restarted to apply the settings.

Setup Syncfusion Report Server to import Azure Active Directory users and groups

1. Go to the Active Directory Settings page in the Syncfusion Report Server and click the Azure Active Directory tab.
   

2. Configure the following fields in the Syncfusion Report Server to import Azure users and groups.

   • Tenant Name: Go to the created Azure Active Directory and copy the domain name by clicking it as follows.
     

   • Client ID: Go to the registered application and click the Settings, and then copy the Application Id and paste it.
     

   • Client secret code: Go to the Settings and click Keys, and then enter the Description and choose the Duration under Passwords.
     

3. Click Save. The client secret will be generated, and then copy and paste it into the text box.
   

4. Now, test the connection. If the connection is valid, the success message is displayed. Save the settings.

The Azure user can be imported into the Syncfusion Report Server. Refer to the following link to Import Azure Active Directory Users and Import Azure Active Directory Groups.

Login with Azure ADFS

After the Single Sign-On settings are saved and the Azure users are imported to the Syncfusion Report Server, you can logout from the application. Now, the login page is provided with the additional button named Microsoft ADFS, which opens the external authentication provider login window, as follows.

After sign in with the Azure username and password, you can log on to the Syncfusion Report Server.

NOTE

To log on to the Syncfusion Report Server with Azure ADFS, the particular user should be imported to the application. If the user is not imported, it redirects to the login page.