Azure Active Directory (Cloud)

GAPTEQ supports the authentication of your GAPTEQ users via Azure Active Directory (Azure AD), thereby reducing your administrative workload in user management. You can make the settings conveniently via the GAPTEQ portal.

This article covers the following topics:

  • Set up AzureAD in the GAPTEQ-Portal
  • Settings in Azure-Portal

1. Set up AzureAD in the GAPTEQ-Portal

  • To do this, go to the GAPTEQ-Portal and open the corresponding Subscription
  • Under the Server tab, click the “Set up AzureAD” button - the following dialog box opens

[Screenshot: KB_FT_AzureAD_09_EN-1]

  • First set the checkbox “Activate AzureAD login”

Note!
You can obtain the Client-ID and the Tenant-ID from the Microsoft Azure-Portal (see 2.).
First save the “Web redirect URI” to the clipboard - you must store this in the Azure-Portal in the next step.

2. Settings in Azure-Portal

2.1 App registration 

The use of Azure AD for an application requires an app registration.

  • To do this, go to your Azure portal and create a new app registration as follows:
    • Go to the “App registrations” resource group and click on “New registration”.
    • For example, enter “GAPTEQ-TEST” as the name (→ the name is not relevant for the configuration, you can also enter a different name).
    • Under “Supported account types”, select “Accounts in this organizational directory only (...)”.

Note!

For “Redirect URI (optional)”, select “Web” under “Select platform”.

In the input field next to it, enter the web redirect URI previously copied to the clipboard from the GAPTEQ-Portal, for example:

“https://www.companyname.de/gapteqforms/oidc/signin-oidc” or
“https://localhost/gapteqforms/oidc/signin-oidc”.

Attention! Enter everything here in lower case!

  • Click on “Register” to complete the app registration.

[Screenshot: KB_FT_AzureAD_06_EN-1]

Tip! Two values are important here and are best copied straight into a text editor: the Application (client) ID and the Directory (tenant) ID. Both are needed later for the GAPTEQ configuration (see 1.).

2.2 Token configuration

The token configuration specifies what an authenticated user of the application is allowed to read from the Azure AD. The following settings are required for GAPTEQ.

  • To do this, click on “Token configuration” in the app registration overview on the left-hand side.

Add optional claim

  • Click on “Add optional claim”. A window opens on the right-hand side; select “ID” as the “Token type”.
  • A list appears. Select the values “email”, “family_name”, “given_name”, “verified_primary_email” and “verified_secondary_email” and click on “Add”.
  • Another window will appear. Check the box “Turn on the Microsoft Graph email, profile permission (...)” and click on “Add”.

Add groups claim

  • To add a groups claim, click on “Add groups claim”.
  • A window opens on the right-hand side. Select “Security groups” and click on “Add”.
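To confirm that this token configuration has taken effect, it helps to inspect an ID token issued after sign-in and check that the five optional claims and the groups claim are actually present, and that the token's tenant and audience match the Tenant-ID and Client-ID entered in the GAPTEQ-Portal. The following Python script is an added example and is not GAPTEQ's or Microsoft's code; it decodes only the JWT payload (no signature validation) and all tokens, IDs and function names in it are constructed placeholders.

```python
"""Check that an Azure AD ID token carries the claims GAPTEQ expects.

Added example (not GAPTEQ's or Microsoft's code). It decodes only the payload
of a JWT, without validating the signature, so you can confirm after the
"Token configuration" step that the optional claims and the groups claim
really arrive in the ID token. All tokens and IDs below are constructed.
"""
import base64
import json

# Optional ID-token claims added in the "Add optional claim" step.
EXPECTED_OPTIONAL_CLAIMS = (
    "email", "family_name", "given_name",
    "verified_primary_email", "verified_secondary_email",
)

# Placeholder IDs standing in for your Directory (tenant) ID and
# Application (client) ID from the Azure portal.
SAMPLE_TENANT_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_CLIENT_ID = "22222222-2222-2222-2222-222222222222"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_id_token_payload(token: str) -> dict:
    """Return the JSON payload of a compact JWT. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT: header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_id_token(token: str, tenant_id: str, client_id: str) -> dict:
    """Report missing claims and tenant/audience mismatches for one ID token."""
    payload = decode_id_token_payload(token)
    missing = [c for c in EXPECTED_OPTIONAL_CLAIMS if c not in payload]
    # With more than 200 groups Azure AD omits "groups" and emits an overage
    # marker instead; the groups must then be fetched from Microsoft Graph.
    overage = "_claim_names" in payload or payload.get("hasgroups") is True
    findings = {
        "missing_optional_claims": missing,
        "has_groups_claim": "groups" in payload,
        "group_overage": overage,
        "tenant_matches": payload.get("tid") == tenant_id,    # Tenant-ID in GAPTEQ
        "audience_matches": payload.get("aud") == client_id,  # Client-ID in GAPTEQ
    }
    findings["ok"] = (not missing and findings["has_groups_claim"]
                      and findings["tenant_matches"] and findings["audience_matches"])
    return findings


def make_sample_token(payload: dict) -> str:
    """Build an UNSIGNED sample token (alg "none") purely for offline testing."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), ""])


# Constructed payload shaped like an Azure AD v2.0 ID token with all claims set.
SAMPLE_GOOD_PAYLOAD = {
    "aud": SAMPLE_CLIENT_ID, "tid": SAMPLE_TENANT_ID,
    "iss": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/v2.0",
    "email": "jane.doe@companyname.de", "given_name": "Jane", "family_name": "Doe",
    "verified_primary_email": ["jane.doe@companyname.de"],
    "verified_secondary_email": ["jane@companyname.de"],
    "groups": ["33333333-3333-3333-3333-333333333333"],
}
# Same payload, but missing "email" and carrying a groups overage marker instead of "groups".
SAMPLE_OVERAGE_PAYLOAD = {k: v for k, v in SAMPLE_GOOD_PAYLOAD.items()
                          if k not in ("email", "groups")}
SAMPLE_OVERAGE_PAYLOAD["_claim_names"] = {"groups": "src1"}

if __name__ == "__main__":
    for label, p in (("good", SAMPLE_GOOD_PAYLOAD), ("overage", SAMPLE_OVERAGE_PAYLOAD)):
        print(label, check_id_token(make_sample_token(p), SAMPLE_TENANT_ID, SAMPLE_CLIENT_ID))
```

Two caveats when reading the output against a real token: an optional claim such as verified_secondary_email is only emitted when the user actually has that attribute, so a missing entry there can reflect user data rather than a misconfiguration; and a user in more than 200 groups gets an overage marker instead of the groups list, which the script reports separately as group_overage.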

2.3 API permissions

The API permissions define what a client application is allowed to read from the Azure AD. The following settings are required so that the GAPTEQ Designer can read users and user groups.

  • To do this, go to “Authentication” in the app registration overview on the left-hand side.

Add platform

  • Click on “Add platform”. A window appears in the right-hand area. Select “Mobile and desktop applications”.
  • Another window appears. Select “https://login.microsoftonline.com/common/oauth2/nativeclient” and click on “Add”.

Set ID token

  • Once you have added the platform, enable the ID token under the “Authentication” tab by checking the box “ID tokens (used for implicit and hybrid flows)”.

[Screenshot: KB_FT_AzureAD_08_EN]

Set API permissions

Click on “API permissions” in the left-hand area of the app registration overview. You will already see a list of API permissions. To add permissions, proceed as follows:

  • Click on “Add a permission”. A window appears in the right-hand area; select “Microsoft Graph” there.
  • In the following window, select “Delegated permissions”; a grouped list appears at the bottom.
  • In the “OpenId permissions” group, select “email”, “openid” and “profile”. Further down, in the “Group” group, select “Group.Read.All”. Further down still, in the “User” group, select “User.Read” and “User.Read.All”.
  • Then click on “Add permissions”. You will then see a list of all permissions.

[Screenshot: KB_FT_AzureAD_07_EN]

Tip! Some entries require admin consent; you can see this in the “Status” column. To grant it, click on “Grant admin consent for (...)”. In the following prompt, click on “Yes, add other granted permissions to configured permissions” and then on “Save and continue”. Another prompt appears; confirm it.