MicroStrategy ONE
Integrate OIDC Support with Microsoft Entra ID (formerly Azure AD)
This procedure provides instructions for integrating MicroStrategy applications with Microsoft Entra ID (formerly Azure AD) using OIDC authentication.
- Create an Application
- Configure MicroStrategy Library in Workstation
- Enable OIDC Auth Mode for MicroStrategy Library
- Configure and Enable OIDC Auth Mode for MicroStrategy Web/MicroStrategy Mobile
Create an Application
- Sign in to the Azure portal. If you have already launched Azure Active Directory, under Manage, select App registration.
- Click New registration.
- In Register an application, enter MicroStrategy as the application name. Choose the account type that best fits your enterprise identity access management.
- Under Redirect URI, select Public client/native (mobile and desktop). Enter the Library URL suffixed by /auth/oidc/login as shown below.
https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login
- Click Register.
- In the newly created app registration screen, locate Authentication in the navigation pane and add the following mobile and desktop application URIs. Replace the environment-specific URIs with your environment name.
http://127.0.0.1
com.microstrategy.hypermobile://auth
com.microstrategy.dossier.mobile://auth
com.microstrategy.mobile://auth
https://env-xxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/static/oidc/success.html
https://env-xxxxxx.customer.cloud.microstrategy.com:443/MicroStrategy/auth/oidc/login
https://env-xxxxxx.customer.cloud.microstrategy.com:443/MicroStrategyMobile/auth/oidc/login
- Click Save.
- In the navigation pane, locate API permissions.
- Click Add a permission > Microsoft Graph > Delegated permissions.
- Search for Directory.Read.All, expand Directory, select Directory.Read.All, and click Add permissions.
- Click Update permissions.
- In the navigation pane, locate Manifest and download the manifest file.
- In the navigation pane, locate Overview and take note of the Client ID for later.
- Click Endpoints and copy the OpenID Connect metadata document field.
- Add group claims by choosing Token configuration > Add group claims > ID and save the defined group claim.
- Add OIDC system prompt mapping claims by choosing Token configuration > Add group claims > ID and save the defined group claim.
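The app registration built above can be checked before it is handed to Workstation by auditing the downloaded manifest. The following is an added example, not MicroStrategy or Microsoft code: it compares the manifest's redirect URIs with the ones this procedure registers and reports whether group claims are set. It assumes the manifest keeps redirect URIs under `replyUrlsWithType` or under `publicClient`/`web`/`spa` `redirectUris`, and the group claim setting under `groupMembershipClaims`; the function names and the sample manifest are constructed for illustration.

```python
# Added example: audit an Entra app manifest against the redirect URIs on this page.
HOST = "env-xxxxxx.customer.cloud.microstrategy.com"  # placeholder host from the page

EXPECTED_TEMPLATES = [  # URIs the procedure registers; {host} is the environment host
    "https://{host}/MicroStrategyLibrary/auth/oidc/login",
    "http://127.0.0.1",
    "com.microstrategy.hypermobile://auth",
    "com.microstrategy.dossier.mobile://auth",
    "com.microstrategy.mobile://auth",
    "https://{host}/MicroStrategyLibrary/static/oidc/success.html",
    "https://{host}:443/MicroStrategy/auth/oidc/login",
    "https://{host}:443/MicroStrategyMobile/auth/oidc/login",
]

def registered_uris(manifest):
    """Collect redirect URIs from either manifest layout (field names are assumptions)."""
    uris = {e["url"] for e in manifest.get("replyUrlsWithType") or []}
    for platform in ("publicClient", "web", "spa"):
        section = manifest.get(platform)
        if isinstance(section, dict):
            uris.update(section.get("redirectUris") or [])
    return uris

def audit_manifest(manifest, host):
    """Return expected URIs that are missing, extra URIs, and group-claim status."""
    expected = {t.format(host=host) for t in EXPECTED_TEMPLATES}
    found = registered_uris(manifest)
    return {
        "missing": sorted(expected - found),
        "unexpected": sorted(found - expected),  # stale or stray entries to review
        "group_claims": bool(manifest.get("groupMembershipClaims")),
    }

SAMPLE_MANIFEST = {  # constructed sample, not a real export
    "groupMembershipClaims": None,
    "replyUrlsWithType": [
        {"url": url, "type": "InstalledClient"}
        for url in (
            f"https://{HOST}/MicroStrategyLibrary/auth/oidc/login",
            "http://127.0.0.1",
            "com.microstrategy.mobile://auth",
            "https://stale-test.example.com/callback",
        )
    ],
}

if __name__ == "__main__":
    import json
    # For a real file: manifest = json.load(open("manifest.json"))
    print(json.dumps(audit_manifest(SAMPLE_MANIFEST, HOST), indent=2))
```

Run it against a manifest downloaded after the token configuration steps, since a copy taken earlier will not yet show the group claim setting.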
Configure MicroStrategy Library in Workstation
- Open Workstation and connect to the Library environment using standard authentication as a user with admin privileges.
- Right-click on the connected environment and choose Configure Enterprise Security.
- Under MicroStrategy Configuration, upload the manifest file you downloaded earlier and provide the OpenID Connect metadata document details.
- Click Save. For more information about enabling OpenID Connect (OIDC) authentication in Workstation, see Configure Enterprise Security.
Enable OIDC Auth Mode for MicroStrategy Library
- Go to the Library Admin page to enable OIDC authentication as the default for MicroStrategy Library.
- In the navigation pane, click Library Server.
- Under Authentication Modes, select OIDC, and click Create Trusted Relationship.
- Log in, deselect Standard, and click Save. For more information, see Enable OIDC Authentication for MicroStrategy Library.
https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/admin
Configure and Enable OIDC Auth Mode for MicroStrategy Web/MicroStrategy Mobile
The procedure below refers to MicroStrategy Web. However, the same information applies to MicroStrategy Mobile unless otherwise noted.
- Go to the MicroStrategy Web admin page.
https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategy/servlet/mstrWebAdmin
- Locate the connected Intelligence server and click Modify.
- Click Setup next to the trust relationship between the Web server and MicroStrategy Intelligence server.
- Enter the user credentials with admin privileges and click Create Trust Relationship.
- In the navigation pane, click Default properties and enable OIDC Authentication.
- Under OIDC Configuration, complete the remaining fields.
- Click Save. For more information, see Enabling OIDC Authentication for JSP Web and Mobile.