
How can I configure a user in IAM for the use of Web GUI and Universal GUI at the same time?

For now we are using Web most of the time, so the Authentication is set to IAM.

We want to use the Universal GUI for another application, but for that we have to set the Authentication field to External, with the Identity provider as Microsoft (AAD).

But with the Authentication set to External we cannot log in to the Web GUI anymore; it gives a ‘wrong password’-error.

What is the way to go for using both GUIs at the same time?

Hello @PatrickW,

I’m assuming that you know that IAM authentication works in both the Web GUI and the Universal GUI, but that you would rather use External authentication via AAD for at least the Universal GUI and preferably the Web GUI as well.

The Web GUI does support External authentication via AAD if you are hosting your IAM database in Azure. Is this the case? If so, then please have a look at this article to see how to configure the Azure SQL database to support AAD authentication.

If you are hosting the database on premises then this is a bit more tricky. It does appear that Microsoft has added AAD authentication to SQL Server 2022 for on premises, but I haven’t tried this yet myself. If you are using SQL Server 2022, you could try to set up the Azure Arc configuration as described in the linked article and I expect that it will work.

If you are using an older version of SQL Server then your options are limited, I’m afraid. I only see the following solutions in that case:

  • Use IAM authentication for both GUIs, instead of External.
  • Set up a separate IAM database for the Universal GUI and configure those users with External authentication.
  • Create a separate user for the Universal GUI with External authentication.

I hope this helps.


Hi,

IAM authentication in Universal doesn't work for us. We are using the Universal GUI behind Azure Application Proxy, and combined with AAD we have to set the user to External because otherwise there is the following error in the OpenID-provider ‘login attempts’-table: The authentication type for this user is not set to 'External'.

We host the database on prem, so for now I think your last option is the best one; creating separate users.
Thanks.


Hello @PatrickW,

IAM authentication does work in the Universal GUI, but when you have an OpenID provider configured, you need to select the ‘Sign in with local account’ button.

If you don’t see this screen then this could be for two reasons:

  • You have clicked the ‘Sign in with Microsoft’ button while the ‘Remember my choice’ checkbox was checked. You can resolve this by clearing your browser cookies.
  • You have turned off the option to allow signing in with local accounts, as is documented here.

I hope this helps.


Hi @PatrickW,

Can you please let us know if Vincent's answers helped you out?


Yes, for now I have re-enabled signing in with local accounts and it works. Thanks.