Add Microsoft Entra ID authentication to your system

After you have prepared the Microsoft Entra admin center, you can add Microsoft Entra ID authentication to your Neptune DXP - Open Edition.

Prerequisites

Procedure

  1. In the Neptune DXP - Open Edition Cockpit, go to Settings, and select System Settings.

  2. In the Authentication tab, select Edit.

  3. Select + Add and select Microsoft Entra ID.

    Result: The Authentication dialog opens.

    1. Enter a meaningful Name.

    2. Select Active to activate this authentication method.

    3. Select Show on Login page to show the login screen on the Neptune DXP - Open Edition Session Login Page.

    4. Enter a Description.

    5. Enter a Path to retrieve a Neptune DXP - Open Edition session (for example, open-edition-ad-bearer). You can add any string as a path.

    6. In Identity Metadata, enter a link to a metadata document that contains the information required for an app to sign in.

    7. From your Microsoft Entra ID account, enter the Tenant ID of your Neptune DXP - Open Edition.

    8. Enter your application’s Client ID from the Microsoft Entra admin center.

    9. Enter the Client Secret key that you generated in New client secret in the Microsoft Entra admin center.

    10. Optionally, to send a reminder email to renew your client secret in Microsoft Entra ID, turn on the switch Send Reminder Email before Expiry.

      If you turn on the switch, in Expiry Date, select the expiry date of the client secret. In Days before Expiry, select how many days before expiry of the client secret the email reminder should be sent. Days are counted as 24-hour periods until midnight. In Send to Email Address, enter an email address of your choosing or one that corresponds to the email address you configure for the SMTP host in the Emailing tab.

    11. Additional Scopes

    12. To enable silent sign-out when a user signs out of a PWA, select Use Silent Sign-Out in PWA. If you have configured authentication of a PWA with Microsoft Entra ID, a user who signs out of the PWA is simultaneously signed out of the Microsoft identity platform. With silent sign-out, the user signs out without any further prompt in a pop-up dialog.

    13. To use the Microsoft Authentication Library for JavaScript to authenticate a user managed in Azure Active Directory by acquiring security tokens from the Microsoft identity platform to access secured web APIs, select Use MSAL v2. The MSAL object can be accessed in the Launchpad with AppCachLogonAzure.msalObj.

  4. In Claims Assignment, select Add to add claims assignments.

  5. If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.

  6. In Custom Script, optionally enter your own custom code to modify the roles' assignment manually.

    For example, to log user details to view in the system logs when the authentication method is used and to use custom logic to affect the entered variables, enter the following in Custom Script:

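    // Write the user and profile objects to the system log
    log.info("XXuser",user);
    log.info("XXprofile",profile);
    // Write the memberof value from the profile
    log.info("Member of:"+ profile.memberof);

  7. Select OK to save your input.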

    Result: The Authentication dialog closes.

  8. In System Settings, select Restart to activate Microsoft Entra ID authentication.

Result

You have configured and activated Microsoft Entra ID authentication for your Neptune DXP - Open Edition.
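
The Custom Script sample in step 6 writes the whole user and profile objects to the system logs. The following added example (not part of the original page and not Neptune's own code) logs only an allowlisted subset of fields, so tokens and other sensitive claims stay out of the logs. The allowlist, the sample profile fields and the stand-in log object are assumptions made so that the block runs in Node.js outside the Cockpit.

```javascript
// Added example. In the Cockpit, `user`, `profile` and `log` come from the
// Custom Script context; the stand-ins below are constructed for Node.js.
const SAFE_PROFILE_KEYS = ["oid", "displayName", "memberof"]; // assumed allowlist

// Return a copy of `obj` that keeps only allowlisted keys. Every other key is
// replaced by a marker, so the log shows that a field existed but not its value.
function pickForLog(obj, allowedKeys) {
  const out = {};
  if (obj === null || typeof obj !== "object") return out;
  for (const key of Object.keys(obj)) {
    if (allowedKeys.includes(key)) {
      const value = obj[key];
      // Flatten arrays (for example group lists) to strings and cap their length.
      out[key] = Array.isArray(value) ? value.slice(0, 20).map(String) : String(value);
    } else {
      out[key] = "[redacted]";
    }
  }
  return out;
}

// Build one log line. JSON.stringify escapes control characters, so a claim
// value that contains a newline cannot start a second, misleading log entry.
function formatLogLine(label, obj, allowedKeys) {
  return label + " " + JSON.stringify(pickForLog(obj, allowedKeys));
}

// Constructed sample data (not real Microsoft Entra ID output).
const sampleProfile = {
  oid: "00000000-0000-0000-0000-000000000000",
  displayName: "Example\nUser",
  memberof: ["group-a", "group-b"],
  access_token: "constructed-token-value",
};
const log = { info: (msg) => console.log(msg) }; // stand-in for the script logger

log.info(formatLogLine("XXprofile", sampleProfile, SAFE_PROFILE_KEYS));
```

In the Cockpit, omit the stand-in `log` and sample data and pass the `profile` object from the script context to `formatLogLine`.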