Edge Authentication
You can use Edge authentication functionality during the login process to match the user's Edge credentials to their ebs record using Microsoft Entra ID authentication or Google Workspace. This process enables Engage users to authenticate with ebs and Microsoft Office 365.
Note: This authentication method removes the need to populate individual user records with OIDC (OpenID Connect) GUID (Globally Unique Identifier) information.
The following diagram illustrates the interaction between ebs and the authentication server (Edge Identity Server (IDS) in this illustration).
To configure Edge authentication:
Use the Match users using OIDC Issuer ebs Property institution setting (on the Engage screen) to specify whether to use ebs Properties to match users.
If set to 'Y', you can use the OIDC Issuers reference data to define the mapping values. If these are not set, the OIDC subject is used as a default.
Use OIDC Issuers reference data to set issuer records.
Edge authentication issuer records:
- IdentityServer – this must always be included and the claim name should be configured to smsid
- ThirdParty – must be used if authenticating with Microsoft Entra ID
- Google – must be used if authenticating with GSuite
Note: Properties chosen must not be mutable, and must not be modifiable by the end user.
You can match on the following properties with ebs:
• College Email (PEOPLE.COLLEGE_EMAIL) (for example: claim name email)
• External Identifier (EXTERNAL_IDENTIFIERS.ID)
• Person Code (PEOPLE.PERSON_CODE)
• User ID (USERS.ID)
• Username (USERS.NAME)
Note: Properties should be chosen that can uniquely identify an individual, either within ebs or externally. When matching on properties, if a match cannot be made, or there are multiple records in ebs with the same match information, authorisation to ebs will be refused.
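The matching rule in the note above, modelled as an added Python example (not ebs or Edge code): a claim value must resolve to exactly one record or access is refused, and a helper flags blank or shared values in a candidate property before it is used for matching. The record layout, function names, exact-equality comparison and sample data are assumptions constructed for illustration; only the property names come from the list above.

```python
# Illustrative model of the matching rule; not ebs or Edge code.
# Record layout, function names and exact-equality comparison are assumptions.

class MatchRefused(Exception):
    """Raised when a claim does not resolve to exactly one record."""


def match_user(records, prop, claim_value):
    """Return the single record whose `prop` equals the claim value.

    Fails closed: a missing claim, no match, or several matches all refuse.
    """
    if not claim_value:
        raise MatchRefused("claim missing or empty")
    hits = [r for r in records if r.get(prop) == claim_value]
    if len(hits) != 1:
        raise MatchRefused(f"{len(hits)} records match {prop}")
    return hits[0]


def audit_property(records, prop):
    """Pre-deployment check: count blank values and list shared values of `prop`."""
    counts, blank = {}, 0
    for r in records:
        value = r.get(prop)
        if not value:
            blank += 1
        else:
            counts[value] = counts.get(value, 0) + 1
    return {"blank": blank,
            "duplicates": sorted(v for v, n in counts.items() if n > 1)}


# Constructed sample records (not real data).
RECORDS = [
    {"PERSON_CODE": "1001", "COLLEGE_EMAIL": "a.khan@college.example"},
    {"PERSON_CODE": "1002", "COLLEGE_EMAIL": "j.smith@college.example"},
    {"PERSON_CODE": "1003", "COLLEGE_EMAIL": "j.smith@college.example"},  # shared address
    {"PERSON_CODE": "1004", "COLLEGE_EMAIL": None},                       # no email held
]

if __name__ == "__main__":
    # COLLEGE_EMAIL has one blank and one shared value; PERSON_CODE is clean.
    print(audit_property(RECORDS, "COLLEGE_EMAIL"))
    print(audit_property(RECORDS, "PERSON_CODE"))
    print(match_user(RECORDS, "COLLEGE_EMAIL", "a.khan@college.example"))
```

Running the audit over each candidate property before enabling it shows which users would be refused at login because their value is blank or shared.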
To test Edge Authentication:
Use the EdgeSmsUserInfoV2 screen in Interfaces Designer to validate test data and ensure the correct record(s) is matched.
Use Edge Authentication to log in with a web browser.
- Navigate to the Engage web application.
  The Tribal login screen is displayed.
- Click the Microsoft Entra ID button.
  The Microsoft Office 365 Sign in screen is displayed.
- Enter the relevant user name or email address. Click Next.
  The Enter password screen is displayed.
- Enter password details. Click Sign in.
  The Tribal Engage screen is displayed.
Note: Refer to Edge Integration for further information. Please refer to Edge documentation for guidance on configuring the Azure or GSuite tenant.