MicroStrategy ONE
Custom Redirect URIs for Workstation Authentication
Starting in MicroStrategy ONE (December 2024), Administrators can configure Workstation redirect URIs when setting up OIDC authentication for MicroStrategy environments.
This update addresses compatibility issues with some OIDC providers, such as AWS Cognito, that block the default http://127.0.0.1:port redirect URI used by Workstation. Administrators can choose between http://127.0.0.1:port and http://localhost:port during the setup process to ensure a smooth authentication workflow for providers with specific requirements.
Prerequisites
The following prerequisites must be met to configure custom redirect URIs:
- Workstation version: MicroStrategy ONE (December 2024) or later.
- Library Server version: MicroStrategy ONE (December 2024) or later.
- The OIDC provider is properly set up and supports http://127.0.0.1:port or http://localhost:port.
Configure Custom Redirect URIs for Workstation Authentication
- Open the Workstation window and connect to your environment.
- Right-click the connected environment and choose Configure OIDC under Configure Enterprise Security.
- In Step 2: Select an identity provider, choose Others in the drop-down list. This is the only method supported for custom redirect URIs.
- In Step 3: Identity Provider Configuration, expand Login Redirect URIs.
- In the Workstation Redirect Host drop-down list, choose one of the following options:
  - http://127.0.0.1: This is the default option.
  - http://localhost: This option is available for providers that don't permit http://127.0.0.1.
- Enter values required by your IdP (for example, Client ID, Issuer, and User Claim Mapping).
- In Step 5: User Mapping, expand Advanced and ensure the values in Scopes match the scopes in your IdP.
- Click Save and restart the Library server.
- Test the OIDC login process to confirm the redirect URI is accepted by your IdP:
  - In the Navigation pane, click Environments.
  - Right-click your environment and choose Disconnect.
  - Right-click your environment and choose Connect.
  - Log in using OIDC.
Configure AWS Cognito Redirect URIs
To configure AWS Cognito as an IdP:
- In the AWS Cognito console, ensure your application's Allowed callback URLs include http://localhost:51892 to http://localhost:51897. Workstation chooses the first port from this range that is available.
- Open the Workstation window and connect to your environment.
- Right-click the connected environment and choose Configure OIDC under Configure Enterprise Security.
- In Step 2: Select an identity provider, choose Others in the drop-down list. This is the only method supported for custom redirect URIs.
- In Step 3: Identity Provider Configuration, expand Login Redirect URIs.
- In the Workstation Redirect Host drop-down list, choose http://localhost.
- In Step 4: MicroStrategy Configuration, enter your AWS Cognito Client ID and Issuer URL.
- In Step 5: User Mapping, expand Advanced and ensure the values in Scopes match the scopes in AWS Cognito.
- Click Save and restart the Library server.
- Test the OIDC login process to confirm the redirect URI is accepted by your IdP:
  - In the Navigation pane, click Environments.
  - Right-click your environment and choose Disconnect.
  - Right-click your environment and choose Connect.
  - Log in using OIDC.
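The following Python check is an added example, not part of the MicroStrategy documentation. It compares an app client's callback URLs with the Workstation port range listed in the Cognito steps; because Workstation uses the first free port, a partly registered range is rejected only on some logins. It assumes the IdP compares redirect URIs as exact strings and that the 127.0.0.1 host option uses the same port range (the page gives the range only for localhost); audit_callbacks and the sample JSON are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Port range the page lists for Workstation's loopback redirect URI.
WORKSTATION_PORTS = range(51892, 51898)
LOOPBACK_HOSTS = ("localhost", "127.0.0.1")

# Constructed sample shaped like `aws cognito-idp describe-user-pool-client`
# output; the client ID and the https URL are placeholders.
SAMPLE_CLIENT_JSON = """
{"UserPoolClient": {
  "ClientId": "EXAMPLE_CLIENT_ID",
  "CallbackURLs": [
    "http://localhost:51892",
    "http://localhost:51893",
    "http://localhost:51894/",
    "http://127.0.0.1:51895",
    "https://library.example.com/auth/callback"
  ]
}}
"""


def audit_callbacks(client_json, host="localhost"):
    """Return (missing, near_misses) for the chosen Workstation Redirect Host.

    missing: redirect URIs Workstation may send that are not registered.
    near_misses: registered loopback entries on those ports that differ from
    the expected string (other host, trailing slash) and so will not match
    under exact comparison (assumed here).
    """
    client = json.loads(client_json)["UserPoolClient"]
    registered = client.get("CallbackURLs", [])
    expected = [f"http://{host}:{port}" for port in WORKSTATION_PORTS]
    missing = [uri for uri in expected if uri not in registered]
    near_misses = []
    for uri in registered:
        parts = urlsplit(uri)
        on_range = parts.hostname in LOOPBACK_HOSTS and parts.port in WORKSTATION_PORTS
        if on_range and uri not in expected:
            near_misses.append(uri)
    return missing, near_misses


if __name__ == "__main__":
    missing, near_misses = audit_callbacks(SAMPLE_CLIENT_JSON)
    print("not registered:", missing)
    print("registered but will not match:", near_misses)
```

To run it against a real app client, pass the JSON returned by describe-user-pool-client in place of the constructed sample.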