Configure ebs for External Authentication

Note: Email Address is the only supported Claim on External Authentication for ebs Ontrack Web Apps facilitated by Azure B2C at this time.

ebs Web Apps Settings

Check that the ebs Ontrack Hub and/or Learner Hub Web App Features for the target EBS environment are set to Use Https and not Use Single Sign On. If your applications follow these settings you can move onto configuring your Reference Data.

If necessary you can upgrade or reinstall making sure use the following parameters during installation:

Configure Reference Data

  1. Navigate to Reference Data -> OIDC Issuers

  2. Add new entry for Azure B2C with the following settings:

    1. Issuer - any label can be used, it should just be unique to the ebs environment

    2. Claim Name - emails

    3. ebs Property -select one of the following from the drop down menu : College Email, Personal Email, or Personal or College Email

    Note: You can select more than more ebs property. You can also use different properties for ontrack Hub and ontrack Learner Hub.

  3. Select Save.

Configure Institution Settings

Settings for Ontrack Hub

  1. Navigate to Institution Settings -> Authentication

  2. Until you are ready to switch to using external authentication leave External authentication ontrack Hub Enabled at N

  3. In the External authentication ontrack Hub URL field enter your External authentication Ontrack URL.

  4. In the External authentication ontrack Hub OIDC Issuerfield use the drop down to choose the OIDC Issuer set up in the steps above.

  5. In the External authentication ontrack Hub client ID enter your Application (Client) ID.

  6. In the External authentication ontrack Hub token scope enter openid

  7. In the External authentication ontrack Hub link message enter the message you want to use to as the link to the external authentication. e.g. Authenticate with External Identity Provider

  8. Select Save.

Settings for Ontrack Learner Hub

  1. Navigate to Institution Settings -> Authentication

  2. In the External authentication ontrack Learner Hub URL field enter your External authentication Ontrack URL.

  3. In the External authentication ontrack Learner Hub OIDC Issuerfield use the drop down to choose the OIDC Issuer set up in the steps above.

  4. In the External authentication ontrack Learner Hub client ID enter your Application (Client) ID.

  5. In the External authentication ontrack Learner Hub token scope enter openid

  6. In the External authentication ontrack Learner Hub link message enter the message you want to use to as the link to the external authentication. e.g. Authenticate with External Identity Provider

  7. (optional) Adjust the remaining external authentication fields to contain your preferred text.

  8. Select Save.

New External User Settings

  1. Navigate to Institution Settings -> Authentication

  2. In the External Authentication show Registration page to new users define whether a new B2C external user is shown the registration page to capture additional details, such as a date of birth.

  3. Select Save.

URL Parameters

You should test external authentication before switching for users. To do so, you must add URL parameters to the end of your ontrack URL. This will display the page as if Azure B2C external authentication is turned on. Note that URL parameters can also be used to bypass the ebs login page and direct users to authenticate using a specific authentication provider. For example, to ensure learners only see the option to authenticate using B2C.

The table URL Parameters describes the available URL parameters for testing and live systems.

URL Parameters
Module URL Parameter Notes

Ontrack Hub

/?EXTERNAL_AUTH_HUB_ENABLED=Y

For testing: displays the page as if Azure B2C external authentication is turned on.

/?EBS_AUTH_HUB_ENABLED=Y

For testing: displays the page as if Azure B2C external authentication is turned on.

/?AuthProvider=ExternalHub

Authentication using External hub B2C configuration.

/?AuthProvider=Default

Authentication using the default OIDC configuration.

Ontrack Learner Hub

/?EXTERNAL_AUTH_LEARNER_ENABLED=Y

For testing: displays the page as if Azure B2C external authentication is turned on.

/?AuthProvider=ExternalLearner

Authentication using External Learner B2C configuration.

/?AuthProvider=Default

Authentication using the default OIDC configuration.

Switch to External Authentication for Users

Once you are happy with your settings and have tested that they are working as expected you can use institution settings to switch you authentication method.

Ontrack Hub

  1. Navigate to Institution Settings -> Identity Server

  2. Set External authentication ontrack Hub Enabled to Y

  3. Select Save.

Ontrack Learner Hub

  1. Navigate to Institution Settings -> Ontrack Learner - Login Page

  2. In Display Create Account panel on screen select Y - External Authentication from the drop down.

  3. Select Save.

Testing

Before testing of the external authentication recycle the IIS Ontrack Learner Hub Site and One Web Services Site and/or App Pools to ensure the new External Authentication configuration is live on next launch of the ebs Ontrack Learner Hub or ebs Ontrack Hub web apps.

Troubleshooting

You can find some common problems and their solutions on our Integration Troubleshoot page.