Configuring Authorization for the Web Component

The UNIFYBroker Web Component can be configured to require roles-based authorization for all users. Users are granted permissions based on their role.

Configuring Authorization

To configure authorization, open the Web.config file and make the following changes:

Inside the appSettings element in the configuration element, add the following elements:

<add key="owin:AutomaticAppStartup" value="true" />
<add key="ui:AuthorizeSetting" value="OpenId" />
<add key="ui:ClientId" value="{ClientId}"></add>
<add key="ui:AADInstance" value=""></add>
<add key="ui:TenantId" value="{TenantId}"></add>
<add key="ui:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add>

If any elements already exist with these keys, replace them.

The above three settings should be configured as follows:

ClientIdThe ID of the client application representing UNIFYBroker.
TenantIdThe ID of the tenant.
PostLogoutRedirectUriThe URI to redirect to after logout.


Operations on the UNIFYBroker website require the user to be in one of the following four roles:

ReadProvides the ability to view all pages and configuration.
WriteProvides the ability to add components, trigger imports, update settings, etc.
FullProvides the ability to delete components, clear connectors, etc.
AdminProvides the ability to edit LDAP users.

Verifying Configuration

Once authorization has been configured, browsing to the UNIFYBroker website will redirect the user to the login page.

Upon successful login, the user can operate the UNIFYBroker website as usual.

However, attempts to perform operations for which the user is not authorized will inform the user that they do not have sufficient privileges.

Users can sign out at any time by clicking the Sign out link in the navigation bar.

This article was helpful for 1 person. Is this article helpful for you?