- UNIFYNow Forum
-
Questions
How to set UNIFYNow security Roles
https://voice.unifysolutions.net/knowledge-bases/8/articles/2717-unifynow-security says "Operations on the UNIFYNow website require the user to be in one of the following four roles: Read, Write, Full, Admin"
How is this done - i.e. how is a user put in a Role?
Answer
Morning Adrian,
I believe this should be done through the App Roles feature of an app registration:
Add app roles and get them from a token - Microsoft Entra | Microsoft Learn
I have a feeling that the config on the documentation may be incorrect, it may look more like this:
<add key="AuthorizeSetting" value="OpenId">
<add key="ida:ClientId" value="{ClientId}"></add>
<add key="ida:AADInstance" value="https://login.windows.net/"></add>
<add key="ida:TenantId" value="{TenantId}"></add>
<add key="ida:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add>
Not many people use the auth feature, so it's also possible that Microsoft have changed a few things in how the auth works and issue claims since the feature was built. At a quick glance, we validate the ClientId and Authority (where Authority is the combination of the AADInstance and Tenantid). If you find that it's not working as expected, let us know and we can investigate to see if any changes are needed.
Customer support service by UserEcho
Morning Adrian,
I believe this should be done through the App Roles feature of an app registration:
Add app roles and get them from a token - Microsoft Entra | Microsoft Learn
I have a feeling that the config on the documentation may be incorrect, it may look more like this:
<add key="AuthorizeSetting" value="OpenId"> <add key="ida:ClientId" value="{ClientId}"></add> <add key="ida:AADInstance" value="https://login.windows.net/"></add> <add key="ida:TenantId" value="{TenantId}"></add> <add key="ida:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add>Not many people use the auth feature, so it's also possible that Microsoft have changed a few things in how the auth works and issue claims since the feature was built. At a quick glance, we validate the ClientId and Authority (where Authority is the combination of the AADInstance and Tenantid). If you find that it's not working as expected, let us know and we can investigate to see if any changes are needed.