Add Microsoft Entra ID authentication to your system
After you have prepared the Microsoft Entra admin center, you can add Microsoft Entra ID authentication to your Neptune DXP - Open Edition.
Prerequisites
- You have performed the tasks in the Microsoft Entra admin center.
Procedure
- In the Neptune DXP - Open Edition Cockpit, go to Settings, and select System Settings.
- In the Authentication tab, select Edit.
- Select + Add and select Microsoft Entra ID.
Result: The Authentication dialog opens.
- Enter a meaningful Name.
- Select Active to activate this authentication method.
- Select Show on Login page to offer this authentication method on the Neptune DXP - Open Edition session login page.
- Enter a Description.
- Enter a Path that identifies this authentication method in the URL used to retrieve a Neptune DXP - Open Edition session (for example, open-edition-ad-bearer). Any string is accepted, but for the redirect login option this path becomes part of the redirect URI that you register in Microsoft Entra ID, so decide on it before you register that URI.
- Enter the Tenant ID (directory ID) of the Microsoft Entra tenant in which you registered the application.
- Enter your application's Client ID (application ID) from the Microsoft Entra admin center.
- Enter the Client Secret that you generated under New client secret in the Microsoft Entra admin center. Copy the secret's value, not its secret ID; the value is displayed only once, directly after you create it.
- Optionally, to receive a reminder email to renew the client secret in Microsoft Entra ID before it expires, turn on Send Reminder Email before Expiry.
If you turn on the switch, in Expiry Date, select the expiry date of the client secret. In Days before Expiry, select how many days before the expiry date the reminder should be sent (counted in whole days, until midnight). In Send to Email Address, enter an email address of your choosing, or the address that you configured for the SMTP host in the Emailing tab.
- To authenticate users with the Microsoft Authentication Library for JavaScript (MSAL.js), which acquires security tokens from the Microsoft identity platform for users managed in Microsoft Entra ID (formerly Azure Active Directory) and uses them to access secured web APIs, select Use MSAL v2 library to authenticate.
- Select whether the login should take place in a dialog or via a redirect.
For the dialog login option, set the redirect URI in Microsoft Entra ID to:
https://<your-domain.com>/public/azure_redirect.html
For the redirect login option, set the redirect URI in Microsoft Entra ID to:
https://<your-domain.com>/user/logon/azure-bearer/<path>/callback
Here, <path> is the Path you entered above. The URI you register in Microsoft Entra ID must match the URI the system sends exactly (scheme, host, port, and path); Microsoft Entra ID rejects the login if they differ.
- To influence how the login interaction takes place, select one of the following. These options correspond to the values of the OpenID Connect prompt parameter that MSAL sends with the authorization request:
  - None: log in silently if possible (no UI is shown)
  - Login: always show the login screen, even if the user is already signed in
  - Consent: ask the user to approve access again, even if they have already consented
  - Select Account: let the user choose which account to use, even if one is already active
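The redirect URI and interaction settings from the two steps above, expressed as the configuration that the MSAL v2 library (msal-browser) would receive. This is an added example, not Neptune DXP's or Microsoft's code: the page does not show how Neptune hands these values to the library, so the object shapes follow msal-browser's public API (the PublicClientApplication configuration and the loginPopup/loginRedirect request object), the mapping of the dialog's interaction options to prompt values is my reading of the option names, and the domain, path, and IDs are placeholders. The library itself is not loaded, so the block runs stand-alone.

```javascript
// Added example: derive the msal-browser (MSAL v2) settings that the Authentication
// dialog values imply. Not Neptune DXP's or Microsoft's code. The library is not
// loaded here; the objects have the shapes PublicClientApplication() and
// loginPopup()/loginRedirect() accept, so you can compare them with what your
// browser actually sends to login.microsoftonline.com.

// Scopes the login always requests (as listed in the Optional Access Scopes step).
const BASE_SCOPES = ["openid", "profile", "offline_access", "user.read"];

// Dialog option -> OpenID Connect `prompt` value. Assumption: the option names map
// one to one onto the prompt values MSAL accepts.
const PROMPT_BY_OPTION = {
  "None": "none",
  "Login": "login",
  "Consent": "consent",
  "Select Account": "select_account",
};

// Redirect URI the system sends for the chosen login mode (dialog or redirect).
function redirectUriFor(domain, loginMode, path) {
  // <path> is one URL segment; anything else would not match the registered URI.
  if (!/^[A-Za-z0-9._~-]+$/.test(path)) {
    throw new Error("Path must be a single URL path segment: " + path);
  }
  const base = "https://" + domain;
  if (loginMode === "dialog") return base + "/public/azure_redirect.html";
  if (loginMode === "redirect") return base + "/user/logon/azure-bearer/" + path + "/callback";
  throw new Error("loginMode must be 'dialog' or 'redirect'");
}

// Entra ID compares redirect_uri with the registered URIs by exact string match.
function redirectUriRegistered(registeredUris, redirectUri) {
  return registeredUris.includes(redirectUri);
}

function buildMsalSettings(cfg) {
  const redirectUri = redirectUriFor(cfg.domain, cfg.loginMode, cfg.path);
  if (!redirectUriRegistered(cfg.registeredUris, redirectUri)) {
    throw new Error("Register this redirect URI in Entra ID before enabling: " + redirectUri);
  }
  const prompt = PROMPT_BY_OPTION[cfg.interaction];
  if (prompt === undefined) throw new Error("Unknown interaction option: " + cfg.interaction);
  // Scopes beyond the base set go into a separate token request after login.
  const extraScopes = (cfg.optionalScopes || []).filter(
    (s) => !BASE_SCOPES.includes(s.toLowerCase())
  );
  return {
    // new PublicClientApplication(msalConfig); no client secret: the browser is a public client
    msalConfig: {
      auth: {
        clientId: cfg.clientId,
        authority: "https://login.microsoftonline.com/" + cfg.tenantId,
        redirectUri,
      },
    },
    // pca.loginPopup(loginRequest) for dialog, pca.loginRedirect(loginRequest) for redirect
    loginMethod: cfg.loginMode === "dialog" ? "loginPopup" : "loginRedirect",
    loginRequest: { scopes: BASE_SCOPES.slice(), prompt },
    // pca.acquireTokenSilent(extraTokenRequest), falling back to an interactive call
    extraTokenRequest: extraScopes.length ? { scopes: extraScopes } : null,
  };
}

// Placeholder values (not real identifiers): a redirect-mode login with Select Account.
const exampleSettings = buildMsalSettings({
  domain: "dxp.example.com",
  loginMode: "redirect",
  path: "open-edition-ad-bearer",
  registeredUris: [
    "https://dxp.example.com/public/azure_redirect.html",
    "https://dxp.example.com/user/logon/azure-bearer/open-edition-ad-bearer/callback",
  ],
  tenantId: "00000000-0000-0000-0000-000000000000",
  clientId: "11111111-1111-1111-1111-111111111111",
  interaction: "Select Account",
  optionalScopes: ["Mail.Read", "profile"],
});
```

The registered-URI check is the one to run before you select Restart: a redirect URI that differs from the registered one by a single character (a missing segment, http instead of https, a changed Path) produces an error from Microsoft Entra ID at login, not in the Cockpit.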
- When the user logs in through the standard login page, the redirect URL is included in the request automatically. If you use a direct login link instead, for example /user/logon/azure-bearer/<path>, the system cannot determine the redirect URL on its own. In this case, enter the redirect URL manually in After Login Redirect.
- In Launchpad Logout Redirect, enter the URL to which the user is redirected when logging out of the launchpad.
- Enter any additional scopes your application requires in Optional Access Scopes. The login already includes openid, profile, offline_access, and user.read. Any scopes you add here trigger a separate token request during authentication, so request only what the application needs; the user or an administrator must also have consented to these scopes in Microsoft Entra ID.
- In Claims Assignment, select Add to add claims assignments.
- If required, in Auto Assignment, assign roles and groups that you have defined in the Role and Security Group tools in the Cockpit.
- In Post Authentication Script, use Script to select a server script that runs after authentication. The script has access to the global variables profile, user, and updatedUser. If no server script is selected, you can enter custom logic in Function (profile, user, updatedUser, require, getEntityRepository, log). This lets you run post-authentication code, such as logging details or modifying the variables, for example:
  log.info("XXuser", user);
  log.info("XXprofile", profile);
  log.info("Member of: " + profile.memberof);
Logging the complete user and profile objects, as in this example, writes personal data to the log files; in production, log only the fields you need. Inline post-authentication scripts will be deprecated in a future patch. Plan to move any custom logic to a server script.
- Select OK to save your input.
Result: The Authentication dialog closes.
- In System Settings, select Restart to activate Microsoft Entra ID authentication.
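A complete post-authentication function for the Post Authentication Script step above. This is an added example, not Neptune DXP's own code: it keeps the inline Function signature (profile, user, updatedUser, require, getEntityRepository, log) so it can be pasted into Function or moved into a server script unchanged. The page documents only that profile.memberof exists and that log.info is available; the claim names oid and preferred_username, the shape of memberof (an array or a comma-separated string), the field names written to updatedUser, and the required group name are assumptions made for this example, and the sample profile and log object at the end are constructed, not captured from a tenant.

```javascript
// Added example, not Neptune DXP's own code. Same signature as the inline
// Function in the Post Authentication Script step. Assumptions (not on the page):
// profile.memberof holds group identifiers as an array or a comma-separated string;
// profile.oid and profile.preferred_username are present (standard Entra ID token
// claims); log.info(message, value) is the logging call; the fields written to
// updatedUser are illustrative names chosen here.

// Group every account is expected to be in (constructed name for this example).
const REQUIRED_GROUP = "dxp-users";

// Accept memberof as array, comma-separated string, or absent.
function normalizeGroups(memberof) {
  if (Array.isArray(memberof)) {
    return memberof.map((g) => String(g).trim()).filter(Boolean);
  }
  if (typeof memberof === "string") {
    return memberof.split(",").map((s) => s.trim()).filter(Boolean);
  }
  return [];
}

function postAuthentication(profile, user, updatedUser, require, getEntityRepository, log) {
  const groups = normalizeGroups(profile.memberof);
  const hasRequiredGroup = groups.includes(REQUIRED_GROUP);

  // Log identifiers, not whole objects: dumping user and profile puts personal
  // data (and whatever else the identity provider returned) into the log files.
  log.info("Entra ID login", {
    oid: profile.oid,
    upn: profile.preferred_username,
    groupCount: groups.length,
  });
  if (!hasRequiredGroup) {
    log.info("Entra ID login without required group", {
      oid: profile.oid,
      required: REQUIRED_GROUP,
    });
  }

  // "Modifying the variables": copy what later logic needs onto updatedUser.
  // require and getEntityRepository are available here but not needed for this.
  updatedUser.entraObjectId = profile.oid;
  updatedUser.entraGroups = groups;
  updatedUser.hasRequiredGroup = hasRequiredGroup;
  return updatedUser;
}

// Constructed sample inputs (not captured from a real tenant) to run stand-alone.
const sampleProfile = {
  oid: "11111111-2222-3333-4444-555555555555",
  preferred_username: "alice@example.com",
  memberof: "dxp-users, dxp-admins",
};
const sampleLog = {
  entries: [],
  info(message, value) { this.entries.push([message, value]); },
};
const sampleResult = postAuthentication(sampleProfile, { name: "alice" }, {}, null, null, sampleLog);
```

The function does not block the login when the required group is missing; whether a post-authentication script can do that is not documented on the page, so the check only records the fact on updatedUser and in the log, where Auto Assignment or a server script can act on it.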