MicroStrategy ONE

Custom Redirect URIs for Workstation Authentication

Starting in MicroStrategy ONE (December 2024), administrators can configure Workstation redirect URIs when setting up OIDC authentication for MicroStrategy environments.

This update addresses compatibility issues with some OIDC providers, such as AWS Cognito, that block the default http://127.0.0.1:port redirect URI used by Workstation. Administrators can choose between http://127.0.0.1:port and http://localhost:port during the setup process to ensure a smooth authentication workflow for providers with specific requirements.

Prerequisites

The following prerequisites must be met to configure custom redirect URIs:

  • Workstation version: MicroStrategy ONE (December 2024) or later.

  • Library Server version: MicroStrategy ONE (December 2024) or later.

  • The OIDC provider is properly set up and supports http://127.0.0.1:port or http://localhost:port.

Configure Custom Redirect URIs for Workstation Authentication

  1. Open the Workstation window and connect to your environment.

  2. Right-click the connected environment and choose Configure OIDC under Configure Enterprise Security.

  3. In Step 2: Select an identity provider, choose Others in the drop-down list. This is the only method supported for custom redirect URIs.

  4. In Step 3: Identity Provider Configuration, expand Login Redirect URIs.

  5. In the Workstation Redirect Host drop-down list, choose one of the following options:

    • http://127.0.0.1: This is the default option.

    • http://localhost: This option is available for providers that don't permit http://127.0.0.1.

  6. Enter the values required by your IdP (for example, Client ID, Issuer, and User Claim Mapping).

  7. In Step 5: User Mapping, expand Advanced and ensure the values in Scopes match the scopes in your IdP.

  8. Click Save and restart the Library server.

  9. Test the OIDC login process to confirm the redirect URI is accepted by your IdP:

    1. In the Navigation pane, click Environments.

    2. Right-click your environment and choose Disconnect.

    3. Right-click your environment and choose Connect.

    4. Log in using OIDC.

Configure AWS Cognito Redirect URIs

To configure AWS Cognito as an IdP:

  1. In the AWS Cognito console, ensure your application's Allowed callback URLs include http://localhost:51892 to http://localhost:51897. Workstation chooses the first port from this range that is available.

  2. Open the Workstation window and connect to your environment.

  3. Right-click the connected environment and choose Configure OIDC under Configure Enterprise Security.

  4. In Step 2: Select an identity provider, choose Others in the drop-down list. This is the only method supported for custom redirect URIs.

  5. In Step 3: Identity Provider Configuration, expand Login Redirect URIs.

  6. In the Workstation Redirect Host drop-down list, choose http://localhost.

  7. In Step 4: MicroStrategy Configuration, enter your AWS Cognito Client ID and Issuer URL.

  8. In Step 5: User Mapping, expand Advanced and ensure the values in Scopes match the scopes in AWS Cognito.

  9. Click Save and restart the Library server.

  10. Test the OIDC login process to confirm the redirect URI is accepted by your IdP:

    1. In the Navigation pane, click Environments.

    2. Right-click your environment and choose Disconnect.

    3. Right-click your environment and choose Connect.

    4. Log in using OIDC.
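
A check for step 1 of the Cognito procedure, as an added example that is not part of the MicroStrategy documentation: it audits the Allowed callback URLs of an app client against the six http://localhost URIs Workstation may use. It assumes the input is the JSON printed by `aws cognito-idp describe-user-pool-client` and that Workstation sends the redirect URI exactly as written above (no path or trailing slash); the function names and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Host and port range from step 1 of the Cognito procedure.
REDIRECT_HOST = "localhost"
WORKSTATION_PORTS = range(51892, 51898)  # 51892..51897 inclusive

def expected_callbacks(host=REDIRECT_HOST, ports=WORKSTATION_PORTS):
    """Every redirect URI Workstation may pick, one per port in the range."""
    return [f"http://{host}:{port}" for port in ports]

def audit_callbacks(client_json, host=REDIRECT_HOST, ports=WORKSTATION_PORTS):
    """Return (missing, near_misses) for a describe-user-pool-client document.

    OIDC compares redirect URIs as exact strings, so an entry with another
    scheme, host, or a trailing slash does not cover the expected URI.
    """
    client = json.loads(client_json)["UserPoolClient"]
    configured = client.get("CallbackURLs", [])
    expected = expected_callbacks(host, ports)
    missing = [uri for uri in expected if uri not in configured]
    near_misses = []
    for url in configured:
        try:
            port = urlsplit(url).port
        except ValueError:  # malformed port in the configured entry
            continue
        # Same port as an expected URI but not an exact match: likely a typo.
        if port in ports and url not in expected:
            near_misses.append(url)
    return missing, near_misses

# Constructed sample input (not from a real user pool).
SAMPLE = json.dumps({"UserPoolClient": {
    "ClientId": "EXAMPLE_CLIENT_ID",
    "CallbackURLs": [
        "http://localhost:51892", "http://localhost:51893",
        "http://localhost:51894/",   # trailing slash: not an exact match
        "http://127.0.0.1:51895",    # host differs from the one selected
        "http://localhost:51896",
        "https://example.com/callback",
    ]}})

if __name__ == "__main__":
    missing, near = audit_callbacks(SAMPLE)
    print("Missing callback URLs:", missing)
    print("Entries that look like near misses:", near)
```

An empty `missing` list means every port Workstation might choose is covered; near-miss entries are candidates to correct or remove so the allowlist stays no broader than required.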