Activate Web Portal Azure OAuth authentication
Introduction

The Activate portal can be configured to allow authentication using OAuth via Azure instead of the standard Windows authentication via IIS. When users browse to Activate they will be prompted to log in to Microsoft Entra ID using their organisation credentials.

Prerequisites

Azure connection

Note: Users who wish to log on to Activate web with this authentication method will need to have an account/object in Microsoft Azure/Entra.

Disable Windows auth in IIS settings for the site

1. On the Activate web server, open IIS Manager.
2. Select the web site.
3. Select Authentication.
4. Disable Windows Authentication.
5. Check that Anonymous Authentication is enabled.

Register the Activate application and record identifiers

Create a new Azure application for the connection. This must be a separate application from the main Activate Azure application because it has different settings and requirements to allow users to authenticate.

The following steps show you how to register your app in the Microsoft Entra admin center:

1. Sign in to Microsoft Entra admin center.
2. On the sidebar menu select Applications, then select App registrations.
3. Select + New registration.
4. In the Register an application page that appears, enter a meaningful application name that is displayed to users of the app, for example Activate client app.
5. Under Supported account types, select Accounts in this organizational directory only.
6. Select Register.
7. The application's Overview pane displays upon successful registration. Record the Application (client) ID to be used in your application source code.

Add a platform redirect URL

To specify your app type to your app registration, follow these steps:

1. Under Manage, select Authentication.
2. On the Platform configurations page, select Add a platform, and then select the SPA option.
3. For the Redirect URIs enter your redirect URL: test https://localhost:3000/ or production https://yourcompany.com.
4. Select Configure to save your changes.
5. On the Platform configurations page, in the new Single-page application that has appeared, select Add URI, then enter https://localhost:3000/ or https://yourcompany.com.
6. Select Save to save your changes, and ensure that both URIs are listed.

Grant admin consent for all users

Users will need to individually consent unless the following is done:

1. Click on API permissions.
2. Grant admin consent for [application name].
3. Click OK.

Change Activate configuration to use OAuth

1. Open Activate Studio that manages the site you wish to configure.
2. Navigate to //resources/configuration/web.
3. Open the parameter web config.
4. The standard configuration is this:

    <authschemes>windows,anywhere</authschemes>

   Change this to:

    <authschemes>azure</authschemes>

5. Update the following information to match the application and redirect URI from above:

    <azure>
      <applicationid>[application id]</applicationid>
      <tenantid>=//resources/activedirectory/external directories/azure/tenantid</tenantid>
      <tenantname>=//resources/activedirectory/external directories/azure/tenantname</tenantname>
      <redirecturi>https://localhost</redirecturi>
      <postlogoutredirecturi>/</postlogoutredirecturi>
    </azure>

6. Restart the Activate app pool. When you connect you will either get signed in automatically if Windows-integrated Azure is working, or be redirected to the Azure login screen to log in.

Troubleshooting

Sometimes the ServerPrincipalName hasn't been registered against the Active Directory server computer object. After logging in with Azure/Entra OAuth and after being redirected, the user is challenged for Windows authentication.
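
The check below is an added example, not part of the Activate documentation or product: it parses a web config fragment before the app pool restart and reports settings that contradict the configuration steps above (Windows still listed in the auth schemes, the application ID placeholder left in place, a redirect URI that differs from the one registered on the SPA platform). The `<web>` wrapper element, the function name and all sample values are assumptions; only the child element names are taken from this page.

```python
# Added example: consistency check for the OAuth settings in the web config.
import re
import xml.etree.ElementTree as ET

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample. The <web> wrapper is an assumption; the child element
# names are the ones shown on the page.
SAMPLE = """<web>
  <authschemes>windows,azure</authschemes>
  <azure>
    <applicationid>[application id]</applicationid>
    <tenantid>=//resources/activedirectory/external directories/azure/tenantid</tenantid>
    <redirecturi>http://localhost:3000</redirecturi>
    <postlogoutredirecturi>/</postlogoutredirecturi>
  </azure>
</web>"""


def check_oauth_config(xml_text, registered_uris):
    """Return a list of findings; an empty list means the fragment is consistent."""
    root = ET.fromstring(xml_text)
    findings = []
    raw = root.findtext(".//authschemes") or ""
    schemes = [s.strip().lower() for s in raw.split(",") if s.strip()]
    if schemes != ["azure"]:
        findings.append(f"authschemes is {schemes}, expected ['azure']")
    azure = root.find(".//azure")
    if azure is None:
        return findings + ["<azure> block is missing"]
    app_id = (azure.findtext("applicationid") or "").strip()
    if not GUID.match(app_id):
        findings.append("applicationid is not a GUID (placeholder left in place?)")
    tenant_id = (azure.findtext("tenantid") or "").strip()
    # Assumption: values starting with "=//" are Activate resource references.
    if not tenant_id.startswith("=//") and not GUID.match(tenant_id):
        findings.append("tenantid is neither a resource reference nor a GUID")
    redirect = (azure.findtext("redirecturi") or "").strip()
    if not redirect.startswith("https://"):
        findings.append("redirecturi does not use https")
    # The page requires this value to match the URI registered for the SPA.
    if redirect not in registered_uris:
        findings.append("redirecturi does not match a URI registered for the SPA")
    return findings


if __name__ == "__main__":
    for finding in check_oauth_config(SAMPLE, ["https://localhost:3000/"]):
        print("FINDING:", finding)
```

Pass the redirect URIs exactly as they are listed on the app registration's Authentication page, including any port and trailing slash.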