This guide shows how to configure Dataedo to work with an OAuth2 identity provider. For this article, we'll be using Azure AD as the IdP, but similar steps can be taken for other providers too.
Initial configuration in Azure Portal (OAuth2 provider)
Open Azure Portal and go to App registrations. Choose the New registration option:
In the newly opened tab, type in the application name for your internal use (I chose "Dataedo Web").
After that, specify who can use this authentication method.
In the Redirect URI section, select Web and type in the address your Dataedo Portal will be accessed on, followed by:
for Docker setup: api/oauth2/authenticate/azureAD
(for example https://your-Dataedo-Portal.address/api/oauth2/authenticate/azureAD)
for IIS setup, please use api/api/oauth2/authenticate/azureAD
(for example https://your-Dataedo-Portal.address/api/api/oauth2/authenticate/azureAD)
and click Register.
If you're unsure about your setup, contact our support team.
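The redirect URI registered in Azure has to be the one your setup type actually uses, and the Docker and IIS paths are easy to mix up. The following check is an added example, not Dataedo's own code; the function names, the "docker"/"iis" labels and the reason codes are hypothetical, and it assumes the portal is reached over https as in the guide's examples.

```python
from urllib.parse import urlsplit

# Callback suffixes from the guide; the keys "docker" and "iis" are labels chosen here.
CALLBACK_PATHS = {
    "docker": "api/oauth2/authenticate/azureAD",
    "iis": "api/api/oauth2/authenticate/azureAD",
}


def expected_redirect_uri(portal_url, setup):
    """Build the redirect URI to register for a portal address and setup type."""
    parts = urlsplit(portal_url.strip())
    # The guide's examples use https; plain http is rejected here (assumption).
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("portal address must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("portal address must not carry a query or fragment")
    base = f"https://{parts.netloc}{parts.path.rstrip('/')}"
    return f"{base}/{CALLBACK_PATHS[setup]}"


def diagnose(registered, portal_url, setup):
    """Compare a registered URI with the expected one; return 'ok' or a reason code."""
    want = expected_redirect_uri(portal_url, setup)
    got = registered.strip()
    if got == want:
        return "ok"
    others = [s for s in CALLBACK_PATHS if s != setup]
    if any(got == expected_redirect_uri(portal_url, s) for s in others):
        return "wrong-setup-path"  # api/ and api/api/ mixed up
    if got.rstrip("/") == want:
        return "trailing-slash"
    if got.lower() == want.lower():
        return "case-differs"  # e.g. azuread instead of azureAD
    if got.startswith("http://") and "https://" + got[7:] == want:
        return "not-https"
    return "mismatch"


# Constructed sample address, built from the guide's placeholder host name.
PORTAL = "https://your-Dataedo-Portal.address/"
if __name__ == "__main__":
    print(expected_redirect_uri(PORTAL, "iis"))
    print(diagnose(PORTAL + "api/oauth2/authenticate/azureAD", PORTAL, "iis"))
```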
Copy the Application (client) ID from the new screen and save it for future use (if you configured your application as Single Tenant, you will also need the Directory (tenant) ID).
Go to the Certificates & secrets tab and click on New client secret.
Add a description, select for how long this secret should be valid, and click Add.
Copy the Value field for future use.
Configuring OAuth in Dataedo Portal
Log in to your Dataedo Portal instance with admin permissions, go to System settings and open the Login options tab. Expand the AZURE AD (OAUTH 2) section, then paste the Client ID (Application (client) ID) and Client Secret (value from Client secret) you've copied in the steps above. If you set your application to support only Single Tenant accounts, also paste the Tenant ID. Enable this authentication method by toggling the switch to ON and click Save.
The next time you open Dataedo Portal, you should have an option to log in with Azure AD:
Click this option to go to the Azure login page or (if you’re already logged in) directly to your Dataedo Portal home page.