How to Set up Azure Active Directory to perform authentication using Single Sign-On for Bold Reports^® On-Premise

This section explains on how to perform Single Sign-On for users in Azure Active Directory on Bold Reports^® On-Premise.

Steps to set up Azure Active Directory for Bold Reports^® On-Premise

Prerequisites

• An Azure account with Active Directory support.
• Install Bold Reports^® On-Premise and Login with Administrator account.

Setup Azure Active Directory application

Log on to the Azure portal to create an Azure Active Directory.

1. Click Create a resource and search Azure Active Directory as follows.

2. Click Create in the following screenshot.

3. Choose Azure Active Directory and click Next: Configuration

4. In the dialog box, enter the Name, Domain Name, and choose the Country or Region, and then click Next: Review + Create.

5. Crosscheck the details and click Create.

6. The application will be added to the directory and you can view the details of the application in the App registrations.

Go to the Azure Active Directory. In the directory, you should add two applications, one of which acts as a Web API for authenticating Bold Reports^® On-Premise and the other as a native client application for authenticating the Bold Reports^® On-Premise mobile app.

Steps to register Bold Reports^® On-Premise application in Azure Active Directory

1. Enter into the created directory and click Azure Active Directory and then select App registrations.

2. Now, click New application registration to add a new application.

3. Enter the name of the application and choose the following options.

   • Accounts in any organizational directory (Any Azure AD directory - Multitenant) as Supported account types.
   • Web under the Redirect URI(optional) section and enter the Redirect URI. And then click Register.

   The application will be added to the directory and you can view the details of the application in the App registrations.

4. Select Branding in the left side menu and enter the Home page URL and click Save.

5. Select Authentication in the left side menu and save the Logout URL, Implicit grant and Supported account types as highlighted in the following screenshot.

6. Select Certificates & secrets to add client secret by clicking the New client secret as in the following screenshot.

   

   • Provide description and choose the expires option. Click on Add button.

   

   Save the client secret value generated.

7. Go to API permissions, click Add a permission and then click on Microsoft Graph.

   Application Permissions
   Directory	Read directory data
   Delegated Permissions
   1. Directory	Read directory data, Access directory as the signed in user
   2. Group	Read all groups
   3. User	Read and write access to user profile
   4. Profile	View user's basic profile

   Select the above listed permissions and click on Update permissions button.

8. After adding the permissions, click Grant admin consent to grant the admin consent for these permission.

9. Select Expose an API in the left side menu and click on set from Application ID URI.

   Enter App ID URI and click on Save button

   The Application ID URI must be in the format http://{directory domain name}/{application id}

10. Select Expose an API in the left side menu and click on Add a scope button.

    Enter Scope name, choose Admins and users on consent and enter Admin consent display name, Admin consent description, User consent display name, User consent description. Choose the state as Enabled. Click on Add scope button.

The Redirect URI and Home page URL should be the URL of the Bold Reports^® On-Premise application.

Steps to register Bold Reports^® On-Premise mobile application in Azure Active Directory

1. Enter into the respective directory. Click App registrations in the left side menu and then click New registration to add a new application.

2. Enter the name of the application and choose the following options,

   • Accounts in any organizational directory (Any Azure AD directory - Multitenant) as Supported account types.
   • Public client/native(mobile & desktop) under the Redirect URI(optional) section and enter the Redirect URI. And then click Register.

   The application will be added to the directory and you can view the details of the application in the App registrations.

3. Select Branding in the left side menu and enter the Home page URL and click Save.

4. Select Expose an API in the left side menu and click on set from Application ID URI.

Enter `App ID URI` and click on `Save` button

>The `Application ID URI` must be in the format `http://{directory domain name}/{application id}`

The Home page URL should be the URL of the Bold Reports^® On-Premise application.

Configure the Azure Active directory details in Bold Reports^® On-Premise to perform Single Sign-On

• Configure the following fields in the Bold Reports^® On-Premise to perform Single Sign-On in Bold Reports^® On-Premise.

  Application Id: Go to the registered application and click the Overview, and then copy the Application Id and paste it.

  Application Id URI: Go to the registered application and click the Overview, and then copy the Application Id URI and paste it.

  Tenant Name: It is the default domain name of your Active Directory. Go to the created Azure Active Directory and copy the domain name.

  Mobile App Client ID: Go to the registered application for Bold Reports^® On-Premise mobile application. Copy the Application Id and paste it.

Configure the Azure Active directory details in Bold Reports^® On-Premise to import users and groups

• Configure the following fields in Bold Reports^® On-Premise settings to import Azure AD users and groups.

  Tenant Name: It is the default domain name of your Active Directory. Go to the created Azure Active Directory and copy the domain name.

  Client ID: It is the Client Id of the Bold Reports^® On-Premise application in your Azure Active Directory. Go to the registered application and then copy the Application Id in the Overview and paste it here.

  Client secret code: It is the secure key of the Bold Reports^® On-Premise application you created in your Azure Active Directory. Go to the Certificates & secrets and search for the Keys you saved for the application and then choose the Value.

After the settings are configured in Bold Reports^® On-Premise, the Azure user can be imported into the Bold Reports^® On-Premise. Refer to the following link to Import Azure Active Directory Users and Import Azure Active Directory Groups.