User Guide

Azure AD Authentication Mode

How to create a new Ouvvi Instance that uses Azure AD Authentication.

Available from version 4.0.640

1. Create Azure AD App

To make it possible to authenticate Ouvvi using Azure AD you will need to create an app within Azure AD to enable the connection.

To do this, open your Azure AD Portal and go to Manage > App Registrations > New Registration. Enter a name for your application and choose the supported account types. For this we only need access for accounts within our organization, so we have selected Accounts in this organizational directory only. If you have already created your Ouvvi Instance you will have the URL to the site available; enter this in the Redirect URI box. Otherwise leave the field blank and configure it later on.

Once complete click on Register to create the app.

You will now be given an overview of your app credentials (Client ID and Tenant ID).

2. Create Ouvvi Instance

If you have not yet created your Ouvvi Instance, go ahead and create a new instance using the deployment manager. Follow the instructions up to the installation and then come back to this guide.

Add a Redirect URI

If you didn't add a redirect URI when creating your app, now is the time to do so. Go to your Azure AD App, select Authentication > Add a Platform > Web and add the URL to your Ouvvi Instance.

This needs to be added, otherwise you will not be able to access your Ouvvi site after logging in.

3. Web.Config Configuration

We now need to configure the Web.Config file to contain our OAuth details to connect to our AD App.

To find the Web.Config file go to C:\OuvviTenants\{Instance_Name}\Web. Add the settings listed below under the appSettings header and save the file.

App Settings

ClientId

You can get the ClientId of your app by going to Azure AD and locating the Application (client) ID on the App Registration Overview page.

AADInstance

This will be https://login.microsoftonline.com/ .

Domain

This is the email domain of your AD account, e.g. simego.com.

TenantId

You can get the TenantId of your app by going to the app registration overview page within Azure AD and locating the Directory (tenant) ID.

PostLogoutRedirectUri

This will be the URL to your Ouvvi Instance for example http://localhost:11486/ . Make sure you have configured your Redirect URI for your App in Azure AD to allow for the redirect to your Ouvvi Site.

PostLoginRedirectUri

This will be the URL to your Ouvvi Instance for example http://localhost:11486/ . Make sure you have configured your Redirect URI for your App in Azure AD to allow for the redirect to your Ouvvi Site.
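
A quick check for the settings listed above, as an added example (not Simego's code): the PowerShell function below reads appSettings and flags values that would break sign-in or send the login redirect over plain HTTP. It assumes each setting is an add element with key and value attributes whose key is the listed name, optionally behind a prefix; the function name and the sample IDs are constructed.

```powershell
# Added example: validates the Azure AD appSettings described in this guide.
function Test-AadAppSettings {
    param([Parameter(Mandatory)][xml]$Config)
    $findings = New-Object System.Collections.Generic.List[string]
    $values = @{}
    $names = 'ClientId','AADInstance','Domain','TenantId','PostLogoutRedirectUri','PostLoginRedirectUri'
    foreach ($node in $Config.SelectNodes('/configuration/appSettings/add')) {
        # Assumption: the key is the listed name, optionally behind a "prefix:".
        $key = ($node.GetAttribute('key') -split ':')[-1]
        if ($names -contains $key) { $values[$key] = $node.GetAttribute('value').Trim() }
    }
    foreach ($name in $names) { if (-not $values[$name]) { $findings.Add("$name is missing or empty") } }
    $guid = [guid]::Empty
    foreach ($name in 'ClientId','TenantId') {
        if ($values[$name] -and -not [guid]::TryParse($values[$name], [ref]$guid)) {
            $findings.Add("$name is not a GUID; copy it from the app registration Overview page")
        }
    }
    if ($values['AADInstance'] -and $values['AADInstance'] -ne 'https://login.microsoftonline.com/') {
        $findings.Add('AADInstance should be https://login.microsoftonline.com/')
    }
    if ($values['Domain'] -and $values['Domain'] -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        $findings.Add('Domain should be a bare email domain such as simego.com')
    }
    foreach ($name in 'PostLogoutRedirectUri','PostLoginRedirectUri') {
        if (-not $values[$name]) { continue }
        $uri = $null
        if (-not [uri]::TryCreate($values[$name], [System.UriKind]::Absolute, [ref]$uri)) {
            $findings.Add("$name is not an absolute URL")
        } elseif ($uri.Scheme -ne 'https' -and -not $uri.IsLoopback) {
            # Azure AD accepts plain-http redirect URIs only for localhost.
            $findings.Add("$name uses $($uri.Scheme) on a non-localhost host; use https")
        }
    }
    return $findings
}

# Constructed sample: placeholder IDs, two deliberate mistakes.
[xml]$sample = @'
<configuration><appSettings>
  <add key="ClientId" value="00000000-0000-0000-0000-000000000001" />
  <add key="AADInstance" value="https://login.microsoftonline.com/" />
  <add key="Domain" value="user@simego.com" />
  <add key="TenantId" value="00000000-0000-0000-0000-000000000002" />
  <add key="PostLogoutRedirectUri" value="http://localhost:11486/" />
  <add key="PostLoginRedirectUri" value="http://ouvvi.example.com/" />
</appSettings></configuration>
'@
Test-AadAppSettings -Config $sample
```

To check a real instance, load its Web.Config with Get-Content -Raw, cast the result to [xml] and pass it as -Config.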

4. IIS Manager

You now need to update a few authentication settings in IIS Manager.

Open IIS Manager and navigate to Sites and then to your Ouvvi Instance (in this example it is OuvviAzureADAuth). Then click Authentication, enable Anonymous Authentication and disable Windows Authentication.

Now go back to the deployment manager and browse to your Ouvvi site. You will find that it redirects you to the Microsoft Login page. Log in using your Azure AD account details and complete the database setup.

5. Configure and Deploy the Agent

Now you need to configure and deploy an Agent to run your processes. To do this go to Services > System Services and click OAuth Authorize.

If the install process went correctly then your OAuth Settings will already be pre-configured in your System Settings. Double check that your OAuth Settings are configured and then click Authorise.

Now you need to get the OAuth Client Secret.

To get the Client Secret go back to your Azure AD App and go to Certificates & Secrets > Client secrets > New client secret. Type in a description and select the expiry policy.

Make sure to copy the generated client secret, as it will not be shown again.

Now enter this into the box and then click Download to download the file.

To install this file we need to locate and run the service console app. This can be found within your tenant folder under Service: C:\OuvviTenants\{Instance_Name}\Service.

Then go to File > Install OAUTH File and locate the file downloaded previously. The Service Console can then be closed.

We can now go back to the deployment manager and start the Services. If we go back to our Ouvvi Site we should have green flags on some of the Services showing that our newly deployed agent is running as expected.

Now activate your license key by going to Settings > Register License and you are ready to add projects.