OAuth Setup: Difference between revisions

From Grooper Wiki
No edit summary
Line 34: Line 34:
#* Make note of Client ID and Tenant ID
#* Make note of Client ID and Tenant ID
#* Create a Client Secret.
#* Create a Client Secret.
#* In Authentication under "Platform configurations" add a platform ("web"?). Add a Redirect URI https://{domainURI}/Grooper/Auth/Callback
#* In Authentication under "Platform configurations" add a platform ("web"). Add a Redirect URI https://{domainURI}/Grooper/Auth/Callback
#* In Platform Configurations, under "Implicit grant and hybrid flows" check "ID tokens"?,  
#* In Platform Configurations, under "Implicit grant and hybrid flows" check "ID tokens"?,  
# Turn Windows Authentication off and Anonymous needs to be on.
# Turn Windows Authentication off and Anonymous needs to be on.
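Review bot: The "ID tokens" step under "Implicit grant and hybrid flows" still ends in a question mark and a dangling comma in both revisions, so a reader cannot tell whether the box must be checked, and the sentence trails off. This revision settled the same kind of marker on the platform step (("web"?) became ("web")), so settle this one as well: state whether ID tokens are required and finish or drop the trailing clause. The last step ("Turn Windows Authentication off and Anonymous needs to be on") also does not say where those settings are changed; naming the location and using parallel wording for the two settings would make it actionable.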

Revision as of 09:10, 16 July 2025

OAuth is an authentication method that gives third-party applications web access without users sharing their passwords.

  • Microsoft Entra ID (formerly Azure Active Directory) is the only supported OAuth provider at this time.

Benefits to OAuth:

  • Security - Users do not have to share their passwords with third-party applications.
  • Simplified logins - Users can log into multiple applications with existing accounts. In the case of Grooper, with a Microsoft Entra ID account (formerly Azure Active Directory).
  • Integrations - OAuth is the security standard for app-to-app communication. Securing Grooper with OAuth allows us new integration options, including using Azure Bot Services to extend AI Assistants to external chat channels.

Both the Grooper website and the GWS website can be configured with OAuth authentication.

  • Grooper and OAuth - When you configure the Grooper website to use OAuth, users will log into Grooper using their Entra ID credentials. Microsoft will ask you to approve the login and grant access. This allows Grooper to log in using Microsoft authentication servers.
    • Previous login methods are still supported, and Windows remains the default login method for the Grooper web app.
    • OAuth is required if you (1) are extending an AI Assistant to an external channel like Teams using Azure Bot Services and (2) want to be able to provide users with links to download Grooper documents or open documents in Grooper in the chat response. This mechanism secures the links sent between Grooper, the Azure bot, and the chat channel.
  • GWS and OAuth - GWS uses OAuth client credentials to communicate with Azure Bot Services.
    • This authentication method is required for users wanting to extend AI Assistants to external channels like Teams using Azure Bot Services.
    • For users that want to provide links in the chat response to download Grooper documents or open documents in Grooper, both the Grooper and GWS websites will need to be secured with OAuth.

There is some additional setup required to configure OAuth authentication. You must register Grooper as an application in Microsoft Entra ID, and you must configure each website's web.config file. Full instructions on setting up OAuth are coming soon.