
Entra ID (former Azure AD)

I searched the site and found the latest post on AAD from 2021,
and only one request for help with EntraID...

Nobody seems to have a problem with this? Or maybe no one uses WebCon without local domains?
Impossible!

So... How to build WebCon BPS with EntraID as the only source of identity?
I have some ideas for preparing some business processes in a cloud environment (Azure) that will never have access to classic domain controllers.
I need a full user database on EntraID (AAD).

I tried with the free online instance of WebCon together with a quite outdated manual. It requires restarting some services as soon as you add AAD authentication to BPM - I didn't even have a way to check if it works because I can't restart services on public cloud infrastructure... so the project was abandoned.

Is there any way to go further with that in SaaS model?
Do I need to build everything from scratch (on PaaS/IaaS)?

MS

MVP

Hi Marcin,
I've configured webcon (freemium) on Azure VMs, and on local servers, where AAD was the only used authentication, without any troubles.

It is rather simple, and those instructions from 2021 should still apply - no breaking changes in this area if I recall correctly.
There are 2 things you should do:
* Configure Authentication
* Configure Users Synchronization

This boils down to creating 2 separate app registrations on the Entra ID
* First one (auth) should have Delegated User.Read API permissions
* Second one (sync) should have both Application and Delegated (screenshot from docs in attachments)

Both are described here:
PL: https://kb.webcon.pl/integracja-webcon-bps-z-azure-active-directory/
EN: https://community.webcon.com/posts/post/webcon-bps-integration-with-azure-active-directory/119/3

I'm nearly sure that Webcon SaaS (the one that is hosted and managed by webcon) has to allow syncing from EntraID, as it would be much simpler than configuring it to work with on-prem AD, although I've never used it. Maybe someone with experience in this area will give some insights.

What do you mean by 'free online instance'?

MVP

Hi Marcin,

as you mentioned, Entra ID was formerly Azure AD and the documentation wasn't updated in this regard.

Let me add a few things to those Maks already mentioned.

App registration.
If you want, you can use the same app registration for authorization and user synchronization.



Public Cloud
Has a multi-tenant app registration which only requires the consent of an admin. This app registration cannot be used for user synchronization. You can replace this with your own app registration.
You can restart the services from the WEBCON APPS Administration panel.
https://portal.webconapps.com/db/1/app/7


Best regards,
Daniel
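
The replies above describe an authentication app registration that carries only the Delegated User.Read permission. The following check of an exported app manifest against that expectation is an added example, not code from this thread or from WEBCON. It assumes the manifest JSON has been exported from the Entra ID portal; the sample manifests and the second permission GUID are constructed placeholders.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"      # Microsoft Graph
USER_READ_SCOPE = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"   # delegated User.Read

# Constructed sample manifests (not taken from the thread or from WEBCON docs).
AUTH_MANIFEST = json.dumps({"requiredResourceAccess": [
    {"resourceAppId": GRAPH_APP_ID,
     "resourceAccess": [{"id": USER_READ_SCOPE, "type": "Scope"}]}]})
# The placeholder GUID stands in for any extra application permission.
OVERGRANTED_MANIFEST = json.dumps({"requiredResourceAccess": [
    {"resourceAppId": GRAPH_APP_ID,
     "resourceAccess": [
         {"id": USER_READ_SCOPE, "type": "Scope"},
         {"id": "11111111-2222-3333-4444-555555555555", "type": "Role"}]}]})


def requested_permissions(manifest_json):
    """Return {(resourceAppId, permission id, type)} requested by a manifest."""
    manifest = json.loads(manifest_json)
    found = set()
    for resource in manifest.get("requiredResourceAccess") or []:
        for access in resource.get("resourceAccess") or []:
            found.add((resource.get("resourceAppId"),
                       str(access.get("id", "")).lower(),
                       access.get("type")))
    return found


def audit_auth_registration(manifest_json):
    """List deviations from 'Delegated User.Read only' for the auth app."""
    expected = (GRAPH_APP_ID, USER_READ_SCOPE, "Scope")
    perms = requested_permissions(manifest_json)
    findings = []
    if expected not in perms:
        findings.append("missing delegated User.Read on Microsoft Graph")
    for app_id, perm_id, kind in sorted(perms - {expected}, key=str):
        # "Role" entries are application permissions, "Scope" are delegated.
        label = "application (Role)" if kind == "Role" else "delegated (Scope)"
        findings.append(f"unexpected {label} permission {perm_id} on {app_id}")
    return findings


if __name__ == "__main__":
    for name, doc in (("auth", AUTH_MANIFEST),
                      ("overgranted", OVERGRANTED_MANIFEST)):
        print(name, audit_auth_registration(doc) or "OK")
```

If one app registration is shared for authentication and synchronization, this check reports the synchronization permissions as deviations, which is the expected result for that setup.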