This article explains how to incorporate single sign-on (using Microsoft identity platform) into your web application.

Registering Your Web Application in Azure App Registration Portal

Microsoft needs to be able to identify your application when it requests authorization to access Microsoft identity platform, so you first need to register a new application with Microsoft.

  1. Navigate to Azure App Registration Portal
    Open your browser and navigate to the Azure App Registration Portal.
    You will be asked to log in using a Microsoft account. You can use any of your Microsoft accounts, but it’s best to use a Microsoft account that you specifically designate for this purpose (ask your Administrator to create one if required), so it can easily be transferred to another person in your organisation if the need arises.
    If you were not asked to sign in, it means that you are already signed in to a Microsoft account. Confirm that this is the account you really want to use when registering your web applications. If it’s not the one, sign out and sign back in using the right account.
  2. Click on the New registration button
  3. Enter the application’s display name
  4. Choose whether you’ll allow the usage of both organizational accounts and personal accounts, or just organizational accounts.
    If this is a customer-facing application (e.g. online stores, forums), you should allow both account types. If this is an internal application (i.e. the users are employees of your organisation), you most likely want to allow just organizational accounts.
  5. Enter your redirect URI
    If you are configuring this to run the Login Form sample app (from the Integration Library package), enter the following value (assuming you are running local LANSA web on port 80, on partition DEM):
    For your production applications, you will need to enter the actual domain name of your web application (e.g. Microsoft also requires that you use HTTPS (localhost however is exempted from the requirement, so you can use http://localhost).
    Keep in mind that the redirect URI registered here must exactly match the one provided to the Microsoft login form, and that the comparison is case-sensitive.
  6. Click on the Register button
  7. You have completed registration successfully and are now presented with the overview of your new application
    Notice the client ID of your new application. An application’s client ID is public information, so it does not need to be kept secret.
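
The redirect URI rules from step 5 (HTTPS required except for http://localhost, exact case-sensitive match) can be checked before deployment. The following is an added example, not code from the Integration Library or from Microsoft; the function names and the app.example.com URIs are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_scheme(uri):
    """Return None if the URI satisfies the HTTPS rule, else a reason string."""
    parts = urlsplit(uri)
    if parts.scheme == "https":
        return None
    if parts.scheme == "http" and parts.hostname == "localhost":
        return None  # localhost is exempt from the HTTPS requirement
    return "redirect URI must use HTTPS (only http://localhost is exempt)"


def diagnose(registered, sent):
    """Compare the URI registered in the portal with the one the app sends.

    Returns a list of problems; an empty list means the pair is acceptable.
    """
    problems = []
    reason = check_scheme(registered)
    if reason:
        problems.append(reason)
    if registered == sent:
        return problems
    # Not character-for-character equal: report the most likely cause.
    if registered.lower() == sent.lower():
        problems.append("mismatch: URIs differ only in letter case")
    elif registered.rstrip("/") == sent.rstrip("/"):
        problems.append("mismatch: URIs differ only by a trailing slash")
    else:
        r, s = urlsplit(registered), urlsplit(sent)
        for name in ("scheme", "netloc", "path", "query"):
            a, b = getattr(r, name), getattr(s, name)
            if a != b:
                problems.append(f"mismatch: {name} differs ({a!r} vs {b!r})")
    return problems


if __name__ == "__main__":
    # Constructed sample values: (registered in portal, sent by the app).
    samples = [
        ("https://app.example.com/auth/callback", "https://app.example.com/Auth/Callback"),
        ("http://app.example.com/auth/callback", "http://app.example.com/auth/callback"),
        ("http://localhost/auth/callback", "http://localhost/auth/callback"),
    ]
    for registered, sent in samples:
        print(registered, "->", diagnose(registered, sent) or "OK")
```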

Creating a New Client Secret

The client secret is a password that your server-side application uses to prove to Microsoft that it is who it says it is (remember that the client ID is public information, so a password is required).
Click on Certificates & secrets (under Manage).
Click on the New client secret button.

Choose a name (any name would do – just for your own reference).

Click the Add button.
Click on the copy button to copy the newly generated client secret to the clipboard.

Configuring Integration Library with the new client ID and client secret

Launch the Integration Library configuration tool from the Package Manager. See the Configuring the Integration Library section in this guide for more details.
Navigate to OAuth2, then Microsoft.

You have completed the configuration to support signing in using Microsoft identity platform in your web application.