Documentation

Authentication Provider

You can access the authentication provider settings in the firstrun wizard (see First Run Configuration ) or later through

https://<host>/admin
General Settings
Entra Id Configuration

Entra Id Configuration

The RheinInsights Retrieval Suite relies on Entra Id as authentication provider to secure its frontend, as well as the backend from unauthorized access.

App Registration

You need to register one application within your Entra Id instance so that the RheinInsights Suite can authenticate you as a user. Please proceed as follows:

Open https://portal.azure.com
Open Entra Id
On the left hand side, click on manage and click on App registrations
Click on New registration
1. Enter a name
2. Leave the account types as only for your organization
3. Choose Single-page application
4. Add the redirect URI according to your setup, so that it points to the root of either the load balancer in front of the suite or to the instance you are running.
5. The URLs, you need to add are:
  1. https://<yourUrl>
  2. https://<yourUrl>/firstrun
  3. https://<yourUrl>/admin
6. Click on Register
Open API permissions
1. Click on Add a permission
2. Click on Microsoft Graph
3. Click on delegated permissions
  1. Add user.read.all
4. Grant tenant-wide consent for the permissions.
  
  The result must look like:
Click on overview and copy the tenant Id and client Id, as these are needed later in the process

Setting up the Entra Id Configuration in the Suite

Now,

enter the tenant id (from the steps above)
enter the client id (from the steps above)
Click on validate
A popup must open. If it does not open, allow the browser to show popups from the Suite, click on validate again
Login with your Entra Id credentials into your Entra Id tenant (the password is not shared with the RheinInsights Suite)
If the login succeeds, you can continue with the configuration