As per subject I’m trying to setup the SSO on the Universal GUI for part of my users and facing an issue.
The documentation mentions the setup of the SSO from Thinkwise perspective which is sufficient, but there is no documentation at least for the setup for Azure/AWS/Google perspective what is actually needed.
- I have a Resource group (RG) called TEST
- I have a VNET for the RG
- I have SQL server and App service in the VNET
- I have a Front Door having the default *.azurefd.net and my custom domain
- The Front Door points to my App service and redirects traffic correctly.
- The Indicium and Universal are installed on the App service.
- The whitelist of client redirect URLs in IAM is my custom domain only.
For the SSO:
- I have done the App registration
- I have added the new configuration in App Service for the OpenID Microsoft authentication
- I have added my custom domain on App service
Problem I face and would like some input is that,
The App registration requires that the Redirect URIs specified are pointing to the App Service default URI being the *.azurewebsites.net and not my custom domain that I have added additionally. How can I have my custom Domain called in the App registration ?
Even if I allow to use only the *.azurewebsites.net as the only URL for the universal and indicium, I can only login with Microsoft only in Indicium, I cannot access the universal GUI. How can I redirect to my custom domain universal GUI?
*Note that local users works fine and can login even through indicium login page.
**The login is very inconvenient as I need to go through the indicium login instead of Universal GUI login. You are unable to use the customization of the custom.css .
Best answer by mperrottView original