OAuth Setup: Difference between revisions

From Grooper Wiki
Created page with "OAuth is an authentication method that allows third-party applications web access without sharing passwords. *<li class="fyi-bullet"> Microsoft Entra ID (formerly Azure Active Directory) is the only supported OAuth provider at this time. Benefits to OAuth: * Security - Users do not have to share their passwords with third party applications. * Simplified logins - Users can log into multiple applications with existing accounts. In the case of Grooper, with a Microsoft En..."
 
No edit summary
Line 22: Line 22:
* Registers the application with Azure Entra ID
* Registers the application with Azure Entra ID


Client Id and Client Secret are added to the website's web.confing file.
App registration information from Azure (the Tenant ID, Client Id, and Client Secret) are copied to the Grooper website's web.confing file.
* AADInstance is auto populated
* AADInstance is auto populated
* TenantID is from Azure
* RedirectUri is partially auto populated.  
* RedirectUri is partially auto populated.  
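Review bot: the rewritten sentence about copying app registration information still spells the file name "web.confing"; it should be "web.config", as in the later step "Edit the web.config with required parameters." The verb should also agree with its subject ("information ... is copied"). Because this sentence now says the Client Secret is stored in that file, consider adding a short note that web.config then holds a credential and that read access to it should be limited accordingly.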


Line 35: Line 34:
#* Make note of Client ID and Tenant ID
#* Make note of Client ID and Tenant ID
#* Create a Client Secret.
#* Create a Client Secret.
#* In Authentication under "Platform configurations" add a platform ("web"?). Add a Redirect URI
#* In Authentication under "Platform configurations" add a platform ("web"?). Add a Redirect URI https://{domainURI}/Grooper/Auth/Callback
 
#* In Platform Configurations, under "Implicit grant and hybrid flows" check "ID tokens"?,  
https://{domainURI}/Grooper/Auth/Callback
 
#* In Platform Configurations, under "Implicit grant and hybrid flows" check "ID tokens", Client Secret, TenantID, RedirectURI
# Turn Windows Authentication off and Anonymous needs to be on.
# Turn Windows Authentication off and Anonymous needs to be on.
# Edit the web.config with required parameters.
# Edit the web.config with required parameters.
#* Client ID, Client Secret, TenantID, RedirectURI, (PostLogoutUri is not implemented at this time)
#* Client ID, Client Secret, TenantID, RedirectURI, (PostLogoutUri is not implemented at this time)
secret value 0Dz8Q~2tCoZCZbh6YO1hV8wFsLXCsM7P~cnTMamc
secret value 0Dz8Q~2tCoZCZbh6YO1hV8wFsLXCsM7P~cnTMamc


=== OAuth authentication for apps ===


secret id 4113a01d-18a2-499d-acec-89ae9f71d70f
OAuth also allows secures "app to app" communication. This is what allows Grooper's AI Assistants to integrate with Azure bot services, extending AI Assistants to channels like Teams, Slack and email.  
# Update app registration's redirect URI to match web.config.


OAuth authentication for apps - Configure the GWS website
Configure the GWS website
# Create an app registration in Entra ID for Grooper.
# Create an app registration in Entra ID for Grooper.
# Make note of Client ID and Client Secret
# Make note of Client ID and Client Secret
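Review bot: the "secret value" line appears on both sides of this hunk, so what looks like a real client secret for an app registration is still published in the new revision, and the "secret id" line exposes its identifier in the page history. Replace both with a placeholder, rotate the secret in Entra ID, and have the affected revisions suppressed, since editing the page alone leaves the value readable in history. Separately, the new "Implicit grant and hybrid flows" step ends with ", Client Secret, TenantID, RedirectURI", which reads like text pasted from the web.config step and should be removed or moved there.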

Revision as of 09:03, 16 July 2025

OAuth is an authentication method that allows third-party applications web access without sharing passwords.

  • Microsoft Entra ID (formerly Azure Active Directory) is the only supported OAuth provider at this time.

Benefits to OAuth:

  • Security - Users do not have to share their passwords with third-party applications.
  • Simplified logins - Users can log into multiple applications with existing accounts. In the case of Grooper, with a Microsoft Entra ID account (formerly Azure Active Directory).
  • Integrations - OAuth is the security standard for app-to-app communication. Securing Grooper with OAuth opens up new integration options, including using Azure Bot Services to extend AI Assistants to external chat channels.

Both the Grooper website and the GWS website can be configured with OAuth authentication.

  • Grooper and OAuth - When you configure the Grooper website to use OAuth, users will log into Grooper using their Entra ID credentials. Microsoft will ask you to approve the login and grant access. This lets users log in to Grooper through Microsoft's authentication servers.
    • Previous login methods are still supported, and Windows remains the default login method for the Grooper web app.
    • OAuth is required if you (1) are extending an AI Assistant to an external channel like Teams using Azure Bot Services and (2) want to provide users with links in the chat response to download Grooper documents or open documents in Grooper. This mechanism secures the links sent between Grooper, the Azure bot, and the chat channel.
  • GWS and OAuth - GWS uses OAuth client credentials to communicate with Azure Bot Services.
    • This authentication method is required for users wanting to extend AI Assistants to external channels like Teams using Azure Bot Services.
    • For users that want to provide links in the chat response to download Grooper documents or open documents in Grooper, both the Grooper and GWS websites will need to be secured with OAuth.

Some additional setup is required to configure OAuth authentication. You must register Grooper as an application in Microsoft Entra ID, and you must configure each website's web.config file. Full instructions on setting up OAuth are coming soon.