How to Set up Azure Active Directory to perform authentication using Single Sign-On for Bold Reports® On-Premise

This section explains on how to perform Single Sign-On for users in Azure Active Directory on Bold Reports® On-Premise.

Steps to set up Azure Active Directory for Bold Reports® On-Premise

Prerequisites

  • An Azure account with Active Directory support.
  • Install Bold Reports® On-Premise and Login with Administrator account.

Setup Azure Active Directory application

Log on to the Azure portal to create an Azure Active Directory.

  1. Click Create a resource and search Azure Active Directory as follows. Create a resource Create Directory 1

  2. Click Create in the following screenshot. Create Directory 1

  3. Choose Azure Active Directory and click Next: Configuration Create Directory 2

  4. In the dialog box, enter the Name, Domain Name, and choose the Country or Region, and then click Next: Review + Create. Create Directory 3

  5. Crosscheck the details and click Create. Create Directory 3

  6. The application will be added to the directory and you can view the details of the application in the App registrations.

Go to the Azure Active Directory. In the directory, you should add two applications, one of which acts as a Web API for authenticating Bold Reports® On-Premise and the other as a native client application for authenticating the Bold Reports® On-Premise mobile app.

Steps to register Bold Reports® On-Premise application in Azure Active Directory

  1. Enter into the created directory and click Azure Active Directory and then select App registrations.

  2. Now, click New application registration to add a new application. Create Application 1

  3. Enter the name of the application and choose the following options. Register

    • Accounts in any organizational directory (Any Azure AD directory - Multitenant) as Supported account types.
    • Web under the Redirect URI(optional) section and enter the Redirect URI. And then click Register.

    The application will be added to the directory and you can view the details of the application in the App registrations.

  4. Select Branding in the left side menu and enter the Home page URL and click Save. Branding

  5. Select Authentication in the left side menu and save the Logout URL, Implicit grant and Supported account types as highlighted in the following screenshot. Authentication

  6. Select Certificates & secrets to add client secret by clicking the New client secret as in the following screenshot.

    Certificates and secrets

    • Provide description and choose the expires option. Click on Add button.

    Client secret Durations

    Save the client secret value generated.

  7. Go to API permissions, click Add a permission and then click on Microsoft Graph. Microsoft Graph

    Application Permissions
    Directory Read directory data
    Delegated Permissions
    1. Directory Read directory data, Access directory as the signed in user
    2. Group Read all groups
    3. User Read and write access to user profile
    4. Profile View user's basic profile

    Select the above listed permissions and click on Update permissions button. Update Permissions

  8. After adding the permissions, click Grant admin consent to grant the admin consent for these permission. Grant Admin Consent

  9. Select Expose an API in the left side menu and click on set from Application ID URI. App Id URI

    Enter App ID URI and click on Save button App Id URI

    The Application ID URI must be in the format http://{directory domain name}/{application id}

  10. Select Expose an API in the left side menu and click on Add a scope button. App a scope option

    Enter Scope name, choose Admins and users on consent and enter Admin consent display name, Admin consent description, User consent display name, User consent description. Choose the state as Enabled. Click on Add scope button. App a scope

The Redirect URI and Home page URL should be the URL of the Bold Reports® On-Premise application.

Steps to register Bold Reports® On-Premise mobile application in Azure Active Directory

  1. Enter into the respective directory. Click App registrations in the left side menu and then click New registration to add a new application. Add Application

  2. Enter the name of the application and choose the following options, Register

    • Accounts in any organizational directory (Any Azure AD directory - Multitenant) as Supported account types.
    • Public client/native(mobile & desktop) under the Redirect URI(optional) section and enter the Redirect URI. And then click Register.

    The application will be added to the directory and you can view the details of the application in the App registrations.

  3. Select Branding in the left side menu and enter the Home page URL and click Save. Branding

  4. Select Expose an API in the left side menu and click on set from Application ID URI.

App Id URI

Enter `App ID URI` and click on `Save` button

App Id URI

>The `Application ID URI` must be in the format `http://{directory domain name}/{application id}`

The Home page URL should be the URL of the Bold Reports® On-Premise application.

Configure the Azure Active directory details in Bold Reports® On-Premise to perform Single Sign-On

  • Configure the following fields in the Bold Reports® On-Premise to perform Single Sign-On in Bold Reports® On-Premise.

    Application Id: Go to the registered application and click the Overview, and then copy the Application Id and paste it. Application ID

    Application Id URI: Go to the registered application and click the Overview, and then copy the Application Id URI and paste it. Application ID URI

    Tenant Name: It is the default domain name of your Active Directory. Go to the created Azure Active Directory and copy the domain name. Tenant name

    Mobile App Client ID: Go to the registered application for Bold Reports® On-Premise mobile application. Copy the Application Id and paste it. Mob app client ID

Configure the Azure Active directory details in Bold Reports® On-Premise to import users and groups

  • Configure the following fields in Bold Reports® On-Premise settings to import Azure AD users and groups.

    Tenant Name: It is the default domain name of your Active Directory. Go to the created Azure Active Directory and copy the domain name. Tenant name

    Client ID: It is the Client Id of the Bold Reports® On-Premise application in your Azure Active Directory. Go to the registered application and then copy the Application Id in the Overview and paste it here. Client ID

    Client secret code: It is the secure key of the Bold Reports® On-Premise application you created in your Azure Active Directory. Go to the Certificates & secrets and search for the Keys you saved for the application and then choose the Value. Client-Secret

After the settings are configured in Bold Reports® On-Premise, the Azure user can be imported into the Bold Reports® On-Premise. Refer to the following link to Import Azure Active Directory Users and Import Azure Active Directory Groups.