Configuring Authorization for the Web Component
The UNIFYBroker Web Component can be configured to require roles-based authorization for all users. Users are granted permissions based on their role.
Configuring Authorization
To configure authorization, open the Web.config
file and make the following changes:
Inside the appSettings
element in the configuration
element, add the following elements:
<add key="owin:AutomaticAppStartup" value="true" />
<add key="ui:AuthorizeSetting" value="OpenId" />
<add key="ui:ClientId" value="{ClientId}"></add>
<add key="ui:AADInstance" value="https://login.windows.net/"></add>
<add key="ui:TenantId" value="{TenantId}"></add>
<add key="ui:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add>
If any elements already exist with these keys, replace them.
The above three settings should be configured as follows:
Name | Description |
---|---|
ClientId | The ID of the client application representing UNIFYBroker. |
TenantId | The ID of the tenant. |
PostLogoutRedirectUri | The URI to redirect to after logout. |
Roles
Operations on the UNIFYBroker website require the user to be in one of the following four roles:
Role | Description |
---|---|
Read | Provides the ability to view all pages and configuration. |
Write | Provides the ability to add components, trigger imports, update settings, etc. |
Full | Provides the ability to delete components, clear connectors, etc. |
Admin | Provides the ability to edit LDAP users. |
Verifying Configuration
Once authorization has been configured, browsing to the UNIFYBroker website will redirect the user to the login page.
Upon successful login, the user can operate the UNIFYBroker website as usual.
However, attempts to perform operations for which the user is not authorized will inform the user that they do not have sufficient privileges.
Users can sign out at any time by clicking the Sign out link in the navigation bar.
Customer support service by UserEcho