Configuring Authorization for the Web Component

The UNIFYBroker Web Component can be configured to require role-based authorization for all users. Users are granted permissions based on their role.

Configuring Authorization

To configure authorization, open the Web.config file and make the following changes:

Inside the appSettings element in the configuration element, add the following elements:

<add key="owin:AutomaticAppStartup" value="true" />
<add key="ui:AuthorizeSetting" value="OpenId" />
<add key="ui:ClientId" value="{ClientId}"></add>
<add key="ui:AADInstance" value="https://login.windows.net/"></add>
<add key="ui:TenantId" value="{TenantId}"></add>
<add key="ui:PostLogoutRedirectUri" value="{PostLogoutRedirectUri}"></add>

If any elements already exist with these keys, replace them.

The three placeholder values above should be configured as follows:

| Name | Description |
| --- | --- |
| ClientId | The ID of the client application representing UNIFYBroker. |
| TenantId | The ID of the tenant. |
| PostLogoutRedirectUri | The URI to redirect to after logout. |
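
The following check is an added example, not part of UNIFYBroker or its documentation: it audits the appSettings section of a Web.config for the keys listed above, flagging missing keys, keys left in place alongside their replacements, unreplaced {placeholder} values, and fixed values that differ from the documented ones. The function name, the sample file and its "OLD-VALUE" entry are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Keys listed on this page; None means the value is site-specific.
REQUIRED = {
    "owin:AutomaticAppStartup": "true",
    "ui:AuthorizeSetting": "OpenId",
    "ui:ClientId": None,
    "ui:AADInstance": None,
    "ui:TenantId": None,
    "ui:PostLogoutRedirectUri": None,
}
PLACEHOLDER = re.compile(r"^\s*(\{[^{}]*\})?\s*$")  # empty or still "{Name}"

# Constructed sample input (not a real deployment's Web.config).
SAMPLE = """<configuration>
  <appSettings>
    <add key="owin:AutomaticAppStartup" value="true" />
    <add key="ui:AuthorizeSetting" value="OLD-VALUE" />
    <add key="ui:AuthorizeSetting" value="OpenId" />
    <add key="ui:ClientId" value="00000000-0000-0000-0000-000000000000" />
    <add key="ui:AADInstance" value="https://login.windows.net/" />
    <add key="ui:TenantId" value="{TenantId}" />
  </appSettings>
</configuration>"""

def audit_app_settings(xml_text):
    """Return a list of (key, problem) findings for the authorization keys."""
    root = ET.fromstring(xml_text)  # root element is <configuration>
    seen = {}
    for add in root.findall("./appSettings/add"):
        seen.setdefault(add.get("key"), []).append(add.get("value") or "")
    findings = []
    for key, expected in REQUIRED.items():
        values = seen.get(key, [])
        if not values:
            findings.append((key, "missing"))
            continue
        if len(values) > 1:  # the page says to replace existing keys, not add to them
            findings.append((key, "duplicate"))
        for value in values:
            if PLACEHOLDER.match(value):
                findings.append((key, "placeholder"))
            elif expected is not None and value != expected:
                findings.append((key, "differs from documented value"))
    return findings

if __name__ == "__main__":
    for key, problem in audit_app_settings(SAMPLE):
        print(f"{key}: {problem}")
```

An empty result means every documented key is present exactly once with a concrete value; it does not confirm that the ClientId or TenantId are the correct ones for your tenant.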

Roles

Operations on the UNIFYBroker website require the user to be in one of the following four roles:

| Role | Description |
| --- | --- |
| Read | Provides the ability to view all pages and configuration. |
| Write | Provides the ability to add components, trigger imports, update settings, etc. |
| Full | Provides the ability to delete components, clear connectors, etc. |
| Admin | Provides the ability to edit LDAP users. |

Verifying Configuration

Once authorization has been configured, browsing to the UNIFYBroker website will redirect the user to the login page.


Upon successful login, the user can operate the UNIFYBroker website as usual.

However, attempts to perform operations for which the user is not authorized will inform the user that they do not have sufficient privileges.

Users can sign out at any time by clicking the Sign out link in the navigation bar.
