Skip to main content

Authentication Options in Ouvvi

Within Ouvvi you have three options for authentication:

Which you use will depend on your own internal requirements and preferences. By default Windows authentication is selected but you can change this during the configuration setup of your Ouvvi tenant.

info

If you have already configured your authentication and want to change this then you will need to configure a new tenant and import your Ouvvi projects, triggers etc.

Windows Authentication

Windows Authentication is the default auth option for Ouvvi. It uses machine/network accounts with integrated security to sign into Ouvvi, for example DOMAIN\MyUser.

When initially configuring your Ouvvi site you can ensure that windows authentication is chosen within the configuration window by selecting Windows from the Authentication Mode dropdown.

Windows Auth

Forms Authentication

Forms Authentication is used to either configure Azure AD authentication or to define your own logins that are held in the Ouvvi database.

Below the custom login configuration is described and Azure AD Authentication setup is covered in the section below.

To use forms authentication you need to select Forms from the Authentication Mode dropdown in the Ouvvi tenant configuration window when you are first configuring your tenant.

info

Please note that basic forms authentication has no password recovery for users. Administrators can reset passwords, however if the admin password is lost then you will be locked out of your Ouvvi tenant.

Forms Authentication

You will configure the System Admin account to be used when you finish setting up your Ouvvi site in the browser.

Ouvvi Setup

Once you have installed the tenant you can browse to your Ouvvi site by right clicking on your tenant and selecting Browse.

This will display the setup page where you need to specify that the authentication mode is Internal Accounts, we will specify that you want to use Azure AD authentication after the setup has completed.

Enter in a username and password for an account to login temporarily, and select your regional settings. Then click Setup to finish creating your Ouvvi site.

Forms Setup

This will then redirect to the sign in page. Enter in the account details you entered a moment ago to login.

Forms Login

You can now add additional users as needed. For more details on adding users please see our Users documentation.

Azure AD Authentication

The below details will guide you on how to configure the Azure AD App and what you need to do to configure Ouvvi but it will not describe in detail how to install and get started with your Ouvvi tenant. If you are looking for installation instructions please select the installation type you are after on the installation page.

To start you need to create and install the Ouvvi tenant in the Deployment Manager. Follow the steps described in the Forms Authentication section as you will configure the Admin Azure AD account to be used when you finish setting up your Ouvvi site in the browser.

Azure AD Configuration Ouvvi

Once you have installed and setup your Ouvvi site you need to open the settings menu, select Systems Settings, and click onto Azure AD in the sub menu to open the AD configuration page.

Azure AD Button

This page will give you the redirect url you need to configure the Azure App registration. Copy this and move on to creating the App in Azure AD.

Redirect URL

Azure AD App Registration

The next step is to create an app in Azure to enable the connection between Ouvvi and your Azure AD to be able to authenticate the user details.

To do this browse to your Azure portal and open Azure Active Directory. Then select App Registrations from the list and click onto New Registration to create a new app.

Azure New App Registration

Enter in a name for the app and decide on the supported account types, usually we choose the default Accounts in this organisational directory only.

The redirect should be the URI of your Ouvvi site with /account/callback added on the end. e.g. http://localhost:8080/account/callback, and make sure to select Web from the dropdown.

App Setup

Client Secret

You now need to create the client secret by choosing Certificates & secrets from the menu and then clicking New client secret. Add a description and select the expiry time.

note

When the client secret expires you will need to create a new secret and install this into Ouvvi.

Add Secret

The client secret will be made visible once it has been created. Please make a note of this as you will not be able to retrieve it later.

Client Secret

Client & Tenant ID

You should also navigate to the overview page and make a note of the Application (client) ID and the Directory (tenant) ID as we will need these to enter into Ouvvi.

Client ID

Finish Config in Ouvvi

Now navigate back to the Azure AD configuration page mentioned earlier and enter in the Tenant ID and Client ID gathered from Azure.

Azure Auth Config

This will then redirect to the Microsoft login. The account you use to sign in now will be registered as the system admin within your Ouvvi site.

Once you have entered the credentials you will then be prompted to accept the permissions requested by the app, you should see the name of the App below Permissions requested and this should match the name you configured in Azure AD. Click Accept to enable the connection.

Microsoft Permissions Request

Now finish the configuration by entering the Client Secret and click Save to finish enabling Azure AD Authentication on your Ouvvi site.

Add Secret

This will sign you out of your Ouvvi site and you can click Sign In to be redirected to the Microsoft login page, where you can enter the credentials you just used to authorise the connection to Azure AD.

Signed Out

The original internal account will remain in your user profiles list.

You can then add additional users as needed by making sure that AzureAD Identity is selected as the type and supplying their name and logon name which should be their email address. Make sure the account is enabled in Ouvvi and set the permissions as needed.

Add Azure User