Single Sign-On (SSO) - Active Directory or Azure

Modified on Sat, 24 Jan at 11:29 AM

Enabling Authentication in ManagementStudio

Active Directory Authentication (On-Premise)

Allow Client Login

  • ManagementStudio automatically authenticates users with the domain of the service account.
  • No additional configuration is required for client login.

Create Accounts / Synchronise Roles

To synchronise user accounts and roles with Active Directory or Azure AD:

  1. Create an Azure AD Connector, or use an existing one.
  2. Navigate to Administration → Role Groups.
  3. In the Az Group field, enter the name(s) of the Azure Group(s) to read users from:
    • For Azure AD connectors, optionally prefix the group as [Azure Conn Name]\[Azure Group Name].
    • Separate multiple group names with ;.
    • Optionally, enable AD User Source to create accounts in ManagementStudio based on the group members.

Allow Portal Login

Add the Server Role

  • Ensure the following Windows role is installed:
    • Web Server (IIS) → Web Server → Security → Windows Authentication

Configure Authentication in IIS

Set authentication settings on the ManagementStudio website in IIS:

  • Anonymous Authentication: Enabled
  • Windows Authentication: Enabled
  • All other authentication methods: Disabled

Update appsettings.json

Refer to the Update appsettings.json section for required configuration.


Azure Authentication

Azure Application Registration

  1. Create an Azure Application Registration (or use an existing registration).
  2. Add API Permissions:
    • Use Application permissions for Client Secret or Certificate.
    • Use Delegated permissions for username and password.
    • Required permissions:
      • GroupMember.Read.All
      • User.ReadBasic.All
  3. In the App Registration's Authentication section:
    • Add a platform and select Web.
    • Add a redirect URI: https://[ManagementStudioUrl]/signin-oidc (must be HTTPS).
    • Replace localhost with your actual ManagementStudio URL.
    • Add a platform for Mobile and desktop applications, checking:
      • https://login.microsoftonline.com/common/oauth2/nativeclient
    • Tick the ID tokens (used for implicit and hybrid flows) option.
  4. Configure either a Client Secret or Certificate for authentication.
  5. Save the Azure App configuration.

ManagementStudio Allow Azure Client Login

  1. Navigate to Administration → Global Settings.
  2. Enter the Tenant ID and Client ID of the Azure Application Registration.
  3. Enter either a Client Secret or Certificate from the Application Registration.

Create Accounts / Synchronise Roles

Used to sync ManagementStudio accounts from Azure groups. Not required for portal access.

  1. Navigate to Administration → Role Groups.
  2. Enter the Azure Group name in the Az Group field.
    • Optionally prefix as [Azure Conn Name]\[Azure Group Name].
    • Separate multiple group names with ;.
    • Optionally enable AD User Source to create accounts from AD/Azure group members.

Allow Portal Login

  1. Navigate to Administration → Global Settings.
  2. Enter the Tenant ID and Client ID of the Azure App Registration.
  3. In Azure App Registration, under Authentication:
    • Add a platform, select Web.
    • Save configuration.

Update appsettings.json

Refer to the Update appsettings.json section for configuration steps.


Update appsettings.json

The appsettings.json file is located in the website directory on the ManagementStudio IIS server. Update the relevant section as detailed below. After editing, ensure you restart the IIS service for changes to take effect.

For On-Prem Active Directory Authentication Only

"PortalAuth": {
    "WindowsAuth": {
        "Enabled": true,
        "Comment": "WindowsAuth requires Windows Authentication to be enabled in IIS, without this MS will not launch!"
    }
}

For Azure Authentication Only

"PortalAuth": {
    "AzureAuth": {
        "Enabled": true
    }
}

For Both On-Prem Active Directory and Azure Authentication

"PortalAuth": {
    "WindowsAuth": {
        "Enabled": true,
        "Comment": "WindowsAuth requires Windows Authentication to be enabled in IIS, without this MS will not launch!"
    },
    "AzureAuth": {
        "Enabled": true
    }
}
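
The on-premise settings above depend on each other: WindowsAuth in appsettings.json only works if the Windows Authentication role is installed and the IIS site has the authentication settings listed under Configure Authentication in IIS. The following PowerShell pre-flight check is an added example, not ManagementStudio's own tooling; the site name and file path are assumed placeholders, and it is meant to be run from an elevated session on the IIS server.

```powershell
# Added example: pre-flight check for the on-premise portal login settings.
# Assumed values (not from the article): the IIS site name and the file path.
param(
    [string]$SiteName        = 'ManagementStudio',
    [string]$AppSettingsPath = 'C:\inetpub\ManagementStudio\appsettings.json'
)
Import-Module WebAdministration -ErrorAction Stop

# Which portal authentication modes does appsettings.json turn on?
$portalAuth  = (Get-Content -LiteralPath $AppSettingsPath -Raw | ConvertFrom-Json).PortalAuth
$windowsAuth = [bool]$portalAuth.WindowsAuth.Enabled
$azureAuth   = [bool]$portalAuth.AzureAuth.Enabled
"appsettings.json: WindowsAuth=$windowsAuth AzureAuth=$azureAuth"

# Read the 'enabled' attribute of one IIS authentication section for the site.
function Test-IisAuthEnabled([string]$Section) {
    $filter = "system.webServer/security/authentication/$Section"
    [bool](Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
        -Filter $filter -Name 'enabled').Value
}

$problems = @()
if ($windowsAuth) {
    # The server role from "Add the Server Role" must be present.
    if (-not (Get-WindowsFeature -Name 'Web-Windows-Auth').Installed) {
        $problems += 'Windows role "Windows Authentication" is not installed.'
    }
    # Expected IIS state from "Configure Authentication in IIS".
    $expected = [ordered]@{
        anonymousAuthentication = $true
        windowsAuthentication   = $true
        basicAuthentication     = $false
        digestAuthentication    = $false
    }
    foreach ($section in $expected.Keys) {
        $actual = Test-IisAuthEnabled $section
        if ($actual -ne $expected[$section]) {
            $problems += "IIS $section is $actual, expected $($expected[$section])."
        }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
'Portal authentication settings are consistent.'
```

The check only covers basic and digest authentication as the "other" methods; any additional authentication modules installed on the server need to be added to the expected table.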

Troubleshooting

Error: "This page isn't working at the moment" when attempting to view a Portal Form.

  • Verify that the Mobile and Desktop Applications section is correctly configured in the Azure Application Registration's Authentication settings.

Further Support

For additional support, visit the ManagementStudio Service Desk to search the knowledge base or to raise a support ticket.
