To Configure the Web.Config File for Integration with Azure Active Directory
After you have registered your MYOB Acumatica instance with Microsoft Azure and obtained the necessary credentials, you should enable the integration with Microsoft Azure Active Directory (Azure AD) for your MYOB Acumatica instance.
Before You Begin
- Your MYOB Acumatica instance has to be registered on the Microsoft Azure Active Directory portal, as described in To Configure Microsoft Azure for Integration with Your MYOB Acumatica Instance.
- You need a plain-text editor for editing the web.config file.
To Enable Azure AD for the MYOB Acumatica Instance
- Open the web.config file, which is located in the folder that
contains the application instance website.Important:When you save changes to the web.config file, the website is automatically restarted. Make sure that all users are warned about the restart so that they can save their documents in advance.
- In the file, find the
activeDirectory
section within thesystem.web
section and edit it to be similar to the following example.<activeDirectory enabled="true" protocol="MicrosoftGraph" path="Azure_Instance_Tenant_ID" dc="Azure_Domain_Name" user="ApplicationClientID" password="ClientSecret" />
Note the following about the code shown above:
Azure_Instance_Tenant_ID
is the identifier of the Azure ID instance where your application is registered.Azure_Domain_Name
is the Active Directory primary domain name—for example, ad.domain. This value is configured in Active Directory by an administrator.User_NameApplicationClientID
is the client ID that you obtained and copied when you registered your MYOB Acumatica application on the Azure instance.User_PasswordClientSecret
is the client secret that you obtained and copied when you configured your Azure instance for integration with your MYOB Acumatica instance.
The following example shows the code you would use with sample parameter values.
<activeDirectory enabled="true" protocol="MicrosoftGraph" path="6b780bc5-ae33-4d54-80c0-8a6c4da1bf86" dc="acumqahotmail.onmicrosoft.com" user="b3f59ed5-70af-41de-94a7-13fe296a79cb" password="AR97Q~tLWmFLUxUjkZe33yEGGWRAnctTOz0uh" />
- In the
audienceUris
element within thesystem.identityModel
section, specify the URL of your MYOB Acumatica instance similarly to the way it is specified in the following example.<audienceUris> <add value="Full_Acumatica_Instance_URL" /> </audienceUris>
In the code shown above,
Full_Acumatica_Instance_URL
is the full URL of your MYOB Acumatica instance—for example, https://app.site.net/instance_name.Attention:If during the configuration of the application ID URI, you used the default scheme provided by Azure AD, the value ofFull_Acumatica_Instance_URL
isapi://<Application_Client_ID>
. - In the
federationConfiguration
element within thesystem.identityModel.services
section, edit thewsFederation
element similarly to the way it is specified in the following example.<wsFederation passiveRedirectEnabled="false" issuer="https://login.windows.net/Path_to_Azure_instance/wsfed" realm="Full_Acumatica_Instance_URL" requireHttps="false" PersistentCookiesOnPassiveRedirects="false"/>
Attention:If during the configuration of the application ID URI, you used the default scheme provided by Azure AD, the value ofFull_Acumatica_Instance_URL
isapi://<Application_Client_ID>
. In this case, you should add the following line:reply="Acumatica_Redirect_URI"
in thefederationConfiguration
element. - Save the web.config file. The website restarts automatically.
After you have enabled integration with Active Directory, you need to map AD groups to MYOB Acumatica roles, as described in To Map Azure Active Directory Groups to Roles in MYOB Acumatica.