Configure ebs for External Authentication
Note: Email Address is the only supported Claim on External Authentication for ebs Ontrack Web Apps facilitated by Azure B2C at this time.
ebs Web Apps Settings
Check that the ebs Ontrack Hub and/or Learner Hub Web App Features for the target EBS environment are set to Use Https and not Use Single Sign On. If your applications follow these settings you can move on to configuring your Reference Data.
If necessary you can upgrade or reinstall, making sure to use the following parameters during installation:
- Select Use Https
- Do NOT select Use Single Sign On
Configure Reference Data
- Navigate to Reference Data -> OIDC Issuers
- Add a new entry for Azure B2C with the following settings:
  - Issuer - any label can be used, it should just be unique to the ebs environment
  - Claim Name - emails
  - ebs Property - select one of the following from the drop-down menu: College Email, Personal Email, or Personal or College Email
    Note: You can select more than one ebs property. You can also use different properties for ontrack Hub and ontrack Learner Hub.
- Select Save.
Configure Institution Settings
Settings for Ontrack Hub
- Navigate to Institution Settings -> Identity Server
- Until you are ready to switch to using external authentication, leave External authentication ontrack Hub Enabled at N.
- In the External authentication ontrack Hub URL field enter your External authentication Ontrack URL.
- In the External authentication ontrack Hub OIDC Issuer field use the drop-down to choose the OIDC Issuer set up in the steps above.
- In the External authentication ontrack Hub client ID field enter your Application (Client) ID.
- In the External authentication ontrack Hub token scope field enter openid
- In the External authentication ontrack Hub link message field enter the message you want to use as the link to the external authentication, e.g. Authenticate with External Identity Provider
- Select Save.
Settings for Ontrack Learner Hub
- Navigate to Institution Settings -> Identity Server
- In the External authentication ontrack Learner Hub URL field enter your External authentication Ontrack URL.
- In the External authentication ontrack Learner Hub OIDC Issuer field use the drop-down to choose the OIDC Issuer set up in the steps above.
- In the External authentication ontrack Learner Hub client ID field enter your Application (Client) ID.
- In the External authentication ontrack Learner Hub token scope field enter openid
- In the External authentication ontrack Learner Hub link message field enter the message you want to use as the link to the external authentication, e.g. Authenticate with External Identity Provider
- (optional) Adjust the remaining external authentication fields to contain your preferred text.
- Select Save.
Testing External Authentication Before switching for users
To test external authentication before switching it on for users, add one of the following to the end of your ontrack URL. This will display the page as if Azure B2C external authentication is turned on.
Ontrack Hub | /?EXTERNAL_AUTH_HUB_ENABLED=Y |
Ontrack Learner Hub | /?EXTERNAL_AUTH_LEARNER_ENABLED=Y |
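A pre-switch check, added here as an example and not part of ebs or Azure B2C: it inspects a test ID token issued by your B2C policy and reports whether it carries the emails claim and client ID configured above. The function names, the placeholder client ID and the sample token are constructed for illustration; the payload is decoded without signature verification, so use it for inspection only.

```python
import base64
import json
import time

CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder Application (Client) ID


def decode_payload(id_token):
    """Return a JWT's claims WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_claims(claims, client_id, now=None):
    """List the problems that would stop an email match; an empty list means OK."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != client_id:  # B2C sets aud to the Application (Client) ID
        problems.append("aud does not match the configured client ID")
    emails = claims.get("emails")  # the Claim Name entered under OIDC Issuers
    emails = [emails] if isinstance(emails, str) else emails
    if (not isinstance(emails, list) or not emails
            or not all(isinstance(e, str) and "@" in e for e in emails)):
        problems.append("no usable 'emails' claim in the token")
    if not claims.get("iss"):
        problems.append("iss claim missing")
    if claims.get("exp", 0) <= now:
        problems.append("token expired or has no exp; request a fresh one")
    return problems


def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (not a real B2C token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    sample = {"iss": "https://issuer.example/v2.0/", "aud": CLIENT_ID,
              "exp": time.time() + 300, "emails": ["learner@college.example"]}
    token = make_sample_token(sample)
    print(check_claims(decode_payload(token), CLIENT_ID) or "token looks usable")
```

An empty result means the token has the audience and email claim that the settings above rely on; whether a user then signs in still depends on the email matching the selected ebs Property.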
Switch to External Authentication for Users
Once you are happy with your settings and have tested that they are working as expected, you can use institution settings to switch your authentication method.
Ontrack Hub
- Navigate to Institution Settings -> Identity Server
- Set External authentication ontrack Hub Enabled to Y
- Select Save.
Ontrack Learner Hub
- Navigate to Institution Settings -> Ontrack Learner - Login Page
- In Display Create Account panel on screen select Y - External Authentication from the drop-down.
- Select Save.
Testing
Before testing external authentication, recycle the IIS Ontrack Learner Hub Site and One Web Services Site and/or App Pools to ensure the new External Authentication configuration is live on the next launch of the ebs Ontrack Learner Hub or ebs Ontrack Hub web apps.
Troubleshooting
You can find some common problems and their solutions on our Integration Troubleshoot page.