Single Sign-On (SSO) - Microsoft Entra ID – CloudSoda

This documentation serves as a comprehensive guide to facilitate the integration of Microsoft Entra ID with the DataIntell application. By following the steps below, you’ll be able to establish a connection between the two applications.

Setting up the Microsoft Entra ID Application

Setting up the Application

To set up the application in Microsoft Entra ID, follow these steps:

Register a New Application

Navigate to the Azure Portal and register a new application.

From the Azure portal, click on the Microsoft Entra ID service.

DataManagementDocumentation_Entra_EntraMenuRegisterApp.png — From the Microsoft Entra ID main menu, click on (1) App registrations and (2) New registration.

In the Register an application form, you will need:

Name : Choose a name that clearly identifies this as the DataIntell application within Microsoft Entra ID.
Supported account types : Select the account type that aligns with your use case. In most case, you can use the Accounts in this organizational directory only. If you are not sure, you can click on Help me choose…
Redirect URI : This URL allows the DataIntell application to redirect users after login. Select Single-page application (SPA) from the dropdown and enter {DataIntellURL}/login in the text field, where {DataIntellURL} represents the URL used to access DataIntell in the browser.

DataManagementDocumentation_Entra_RegisterAppCreate.png — Register the DataIntell application, replacing the *http://localhost:3000* in the Redirect URI with your DataIntell URL.

Retrieve Application IDs

After creating the application, note down the Application (client) ID and Directory (tenant) ID. These values are required for the login configurations in DataIntell which will be covered in a later section.

The DataIntell application in Microsoft Entra ID and the two values that will be required in the DataIntell application.

Configure Token Claims and Permissions

Add the groups claim to the token provided by Microsoft Entra ID.

DataManagementDocumentation_Entra_TokenConfiguration.png — From the DataIntell application in Microsoft Entra ID, click on (1) Token configuration, (2) Add groups claim, select (3) Security groups and click (4) Add.

Additionally, grant the Group.Read.All API permission to the application.

DataManagementDocumentation_Entra_APIPermissionFirst.png — From the DataIntell application in Microsoft Entra ID, click on (1) API permissions, (2) Add a permission and (3) Microsoft Graph.

DataManagementDocumentation_Entra_APIPermissionSecond.png — From the new panel, click on (1) Delegated permissions, search (2) group, select (3) Group.Read.All and click (4) Add permissions.

DataManagementDocumentation_Entra_APIPermissionThird.png — As an Administrator, click on Grant admin consent and grant admin consent to Group.Read.All.

Adding Users to the Application

Once the DataIntell application is set up in Microsoft Entra ID, it is possible to limit the usage of the application only to the users that are assigned to the application. This step can be skipped if you want all the users in your organization to have access to the application.

DataManagementDocumentation_Entra_EntraMenuEnterpriseApp.png — From the Microsoft Entra ID main menu, click on Enterprise applications.

DataManagementDocumentation_Entra_EnterpriseAppSelect.png — From the Enterprise applications menu, search for the DataIntell application and click on its name.

From the DataIntell Enterprise Application page, click on (1) Properties and then click on (2) Yes for the Assignment required? field.

DataManagementDocumentation_Entra_AssignmentRequired — From the Enterprise applications menu, search for the DataIntell application and click on its name.

From the DataIntell Enterprise Application page, click on (1) Properties and then click on (2) Yes for the Assignment required? field.

From the DataIntell Enterprise Application page, click on (1) Users and groups and (2) Add user/group.

From the Add Assignment page, click on (1) Users, select (2) the users you want to add, click on (3) Select and (4) Assign.

Setting up Roles & Groups

In DataIntell, roles and groups are integral components of user access management. While groups are user-created and optional, roles are essential for granting access to critical sections of DataIntell.

Roles to Establish within Microsoft Entra ID

dataintell_role_admin : The Administrator role grants comprehensive access, enabling users to configure vital aspects of the application.
dataintell_role_project_manager : A role that allows the user to create, update or delete a project.
dataintell_role_report_manager : A role that allows the user to create, update or delete a report.
dataintell_role_archiware_archive : A role that allows the user to archive files or folders with Archiware P5. Requires the Archiware P5 plugin.
dataintell_role_archiware_restore : A role that allows the user to restore files or folders from Archiware P5. Requires the Archiware P5 plugin.
dataintell_role_soda_transfer : A role that allows the user to transfer files or folders with CloudSoda. Requires the CloudSoda plugin.
dataintell_role_storage_manager_archive : A role that allows the user to archive files or folders with Quantum StorNext. Requires the Quantum Storage Manager plugin.
dataintell_role_storage_manager_restore : A role that allows the user to restore files or folders with Quantum StorNext. Requires the Quantum Storage Manager plugin.

Example of Setting up Groups

Group name in DataIntell : OnlyCloud
Group name in Microsoft Entra ID : dataintell_group_OnlyCloud

An example of how the group should look like in Microsoft Entra ID (left) and in DataIntell (right).

By establishing these roles and, optionally, configuring groups, administrators can effectively manage access control within DataIntell while integrating seamlessly with Microsoft Entra ID.

From the Microsoft Entra ID main menu, click on Groups.

From the Groups menu, click on New group.

Fill in the form to create the group, making sure that the Group name follows the previously mentioned rules.

You can add users to the group by clicking on (1) No members selected, then (2) select the members that you want to add and then (3) click on Select.

Setting up DataIntell to Use Microsoft Entra ID

Setting up the Login Configurations

Configure DataIntell to use Microsoft Entra ID for login

Provide Required Values

Enter the following values in DataIntell’s login configuration:

Client ID: Application (client) ID from DataIntell’s application in Microsoft Entra ID.
Tenant ID: Directory (tenant) ID from DataIntell’s application in Microsoft Entra ID.
Redirect URI: {DataIntellURL}/login, where {DataIntellURL} is the URL to access DataIntell.

Test Configuration

Click on Update Configurations to test the provided values. Allow any pop-ups that may appear during the testing process.

Save Changes and Sign Out

After successful testing, the new settings will be saved. Sign out to apply the changes and proceed to log in using Microsoft Entra ID credentials.

From the DataIntell application, click on (1) -> General, enable (2) the Microsoft Entra ID login, fill in (3, 4, 5) the required information and update (6) the configurations.

DataManagementDocumentation_Entra_DataIntellEntraLogin.png — From the DataIntell login portal, you can now click on Sign in with Microsoft to sign in using Microsoft Entra ID.