Necessary MS Azure cloud configurations
After logging into your MS Azure cloud, follow the following steps:
Register and configure an "app" for translate5 in Azure ActiveDirectory
"appRoles": [ { "allowedMemberTypes": [ "User" ], "description": "TermSearch users can use TermSearch in translate5 TermPortal.", "displayName": "TermSearch user in translate5 TermPortal", "id": "d1c2ade8-98f8-45fd-aa4a-6d06b947c66f", "isEnabled": true, "lang": null, "origin": "Application", "value": "termCustomerSearch" }, { "allowedMemberTypes": [ "User" ], "description": "InstantTranslate users can use InstantTranslate in translate5.", "displayName": "InstantTranslate user in translate5", "id": "d2c2ade8-98f8-45fd-aa4a-6d06b947c66f", "isEnabled": true, "lang": null, "origin": "Application", "value": "instantTranslate" }, { "allowedMemberTypes": [ "User" ], "description": "PMs have project manager rights in translate5.", "displayName": "translate5 PM", "id": "d3c2ade8-98f8-45fd-aa4a-6d06b947c66f", "isEnabled": true, "lang": null, "origin": "Application", "value": "pm" }, { "allowedMemberTypes": [ "User" ], "description": "Editor users have basic login and edit rights in translate5.", "displayName": "translate5 editor", "id": "d4c2ade8-98f8-45fd-aa4a-6d06b947c66f", "isEnabled": true, "lang": null, "origin": "Application", "value": "editor" }, { "allowedMemberTypes": [ "User" ], "description": "Admin users in translate5 have additional admin rights to the PM rights.", "displayName": "translate5 admin", "id": "d5c2ade8-98f8-45fd-aa4a-6d06b947c66f", "isEnabled": true, "lang": null, "origin": "Application", "value": "admin" }, { "allowedMemberTypes": [ "User" ], "description": "API users can access the translate5 API.", "displayName": "translate5 API user", "id": "d6c2ade8-98f8-45fd-aa4a-6d06b947c66f", "isEnabled": true, "lang": null, "origin": "Application", "value": "api" } ],
"optionalClaims": { "idToken": [ { "name": "upn", "essential": false, "additionalProperties": [ "include_externally_authenticated_upn"] },{ "name": "email", "essential": false },{ "name": "family_name", "essential": false },{ "name": "given_name", "essential": false } ] },
Assign the appropriate translate5 roles to your users in Azure
You can assign the translate5 roles for your users directly in Azure. If Azure transfers roles for your users to translate5 (as it does with the above configuration) translate5 will set these roles with each login via Azure in translate5 - and change existing roles for the user and ignore the roles that are set for the OpenID configuration for the corresponding client in translate5.
Please note: Signing in via Azure with the following steps does only work for normal users in Azure, not for Guest users. Maybe there are some tweeks in Azure that allow it for Guest users as well - if someone finds out please add to this documentation.
Now the settings in Azure ActiveDirectory are complete. Proceed with the settings in translate5.
translate5 settings to use Azure Active directory as OpenID connect server
The following instructions show translate5 settings that are needed to use translate5 as OpenID connect client together with MS Azure ActiveDirectoy in conjunction with the Azure settings, that have been outlined above.
For convenience: Please find the MS Azure Login URL for the "OpenID server URL" field of translate5 below for copying:
https://login.microsoftonline.com/common/v2.0
For convenience: Please find the MS Azure OAuth endpoint URL for copying in the following field:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Congratulations - you are good to go now! Your users are able to sign in via Azure.
And if you checked the last checkbox above, they are ONLY able to sign in via Azure on the domain, you defined for this client in its client configuration. On other domains of the same translate5 instance users will still be able to sign in via the login page.