Answered

How to set UNIFYNow security Roles

Adrian Corston 2 years ago updated by Matthew Davis (Technical Product Manager) 1 year ago 2

https://voice.unifysolutions.net/knowledge-bases/8/articles/2717-unifynow-security says "Operations on the UNIFYNow website require the user to be in one of the following four roles: Read, Write, Full, Admin"

How is this done - i.e. how is a user put in a Role?

Answer

Under review

Morning Adrian,

I believe this should be done through the App Roles feature of an app registration:

Add app roles and get them from a token - Microsoft Entra | Microsoft Learn

I have a feeling that the config on the documentation may be incorrect; it may look more like this:

<add key="AuthorizeSetting" value="OpenId"></add>
<add key="ida:ClientId" value="{ClientId}"></add>
<add key="ida:AADInstance" value="https://login.windows.net/"></add>
<add key="ida:TenantId" value="{TenantId}"></add>
<add key="ida:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add>

Not many people use the auth feature, so it's also possible that Microsoft have changed a few things in how the auth works and issues claims since the feature was built. At a quick glance, we validate the ClientId and Authority (where Authority is the combination of the AADInstance and TenantId). If you find that it's not working as expected, let us know and we can investigate to see if any changes are needed.
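
Added example (not part of the original answer and not UNIFYNow code): a troubleshooting helper that decodes a sign-in token and reports whether its `aud`, `tid` and `roles` claims line up with the config keys above and the four role names from the question. It assumes UNIFYNow reads the standard Entra `roles` claim with values equal to those role names, which the page does not confirm; the function names and sample token are constructed for illustration.

```python
import base64
import json

# Role names quoted in the question from the UNIFYNow security article.
UNIFYNOW_ROLES = {"Read", "Write", "Full", "Admin"}


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature.
    Troubleshooting only; never base access decisions on unverified claims."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(jwt: str, client_id: str, tenant_id: str) -> list:
    """Return a list of findings; an empty list means the claims look right."""
    claims = decode_claims(jwt)
    findings = []
    if claims.get("aud") != client_id:
        findings.append("aud does not match ida:ClientId")
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match ida:TenantId")
    roles = claims.get("roles") or []
    if isinstance(roles, str):
        roles = [roles]
    if not roles:
        findings.append("no roles claim in token (no app role assigned?)")
    elif not UNIFYNOW_ROLES & set(roles):
        findings.append(f"roles {roles} contain none of {sorted(UNIFYNOW_ROLES)}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the demo runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    cid, tid = "client-id-placeholder", "tenant-id-placeholder"
    sample = make_sample_token({"aud": cid, "tid": tid, "roles": ["Write"]})
    print(check_token(sample, cid, tid) or "claims look right")
```

An empty result only shows the token carries the expected claims; signature and issuer validation remain the application's job.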
