MicroStrategy ONE

Integrate OIDC Support with Azure AD

This procedure provides instructions for integrating MicroStrategy applications with Azure AD using OIDC authentication.

Create an Application

  1. Sign in to the Azure portal. If you have already launched Azure Active Directory, under Manage, select App registration.
  2. Click New registration.
  3. In Register an application, enter MicroStrategy as the application name. Choose the account type that best fits your enterprise identity access management.
  4. Under Redirect URI, select Public client/native (mobile and desktop). Enter the Library URL suffixed by /auth/oidc/login as shown below.

    https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/auth/oidc/login

  5. Click Register.
  6. In the newly created app registration screen, locate Authentication in the navigation pane and add the following mobile and desktop application URIs. In the environment-specific URIs, replace the placeholder with your environment name.

    • http://127.0.0.1
    • com.microstrategy.hypermobile://auth
    • com.microstrategy.dossier.mobile://auth
    • com.microstrategy.mobile://auth
    • https://env-xxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/static/oidc/success.html
    • https://env-xxxxxx.customer.cloud.microstrategy.com:443/MicroStrategy/auth/oidc/login
    • https://env-xxxxxx.customer.cloud.microstrategy.com:443/MicroStrategyMobile/auth/oidc/login
  7. Click Save.
  8. In the navigation pane, locate API permissions.

  9. Click Add a permission > Microsoft Graph > Delegated permissions.
  10. Search for Directory.Read.All, expand Directory, select Directory.Read.All, and click Add permissions.

  11. Click Update permissions.
  12. In the navigation pane, locate Manifest and download the manifest file.

  13. In the navigation pane, locate Overview and take note of the Client ID for later.
  14. Click Endpoints and copy the OpenID Connect metadata document field.

  15. Add group claims by choosing Token configuration > Add group claims > ID and save the defined group claim.
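
To check steps 4 and 6 after saving, the following added example (not MicroStrategy or Microsoft code) builds the redirect URI list from this page for one environment host and compares it with the URIs actually registered. The function names and the sample registrations are assumptions constructed for illustration, and comparison is by exact string.

```python
from urllib.parse import urlsplit

# Loopback address and custom URI schemes listed in step 6 of this page.
FIXED_URIS = [
    "http://127.0.0.1",
    "com.microstrategy.hypermobile://auth",
    "com.microstrategy.dossier.mobile://auth",
    "com.microstrategy.mobile://auth",
]

def expected_redirect_uris(host):
    """Build the redirect URIs from steps 4 and 6 for one environment host."""
    return FIXED_URIS + [
        f"https://{host}/MicroStrategyLibrary/auth/oidc/login",
        f"https://{host}/MicroStrategyLibrary/static/oidc/success.html",
        f"https://{host}:443/MicroStrategy/auth/oidc/login",
        f"https://{host}:443/MicroStrategyMobile/auth/oidc/login",
    ]

def audit_redirect_uris(host, registered):
    """Compare registered URIs with the expected set (exact string match)."""
    expected = set(expected_redirect_uris(host))
    registered = set(registered)
    findings = {
        "missing": sorted(expected - registered),
        "unexpected": sorted(registered - expected),
        "risky": [],
    }
    for uri in sorted(registered):
        parts = urlsplit(uri)
        if "*" in uri:
            findings["risky"].append((uri, "wildcard"))
        elif parts.scheme == "http" and parts.hostname != "127.0.0.1":
            findings["risky"].append((uri, "plain http off loopback"))
        elif parts.scheme == "https" and parts.hostname != host:
            findings["risky"].append((uri, "foreign host"))
    return findings

if __name__ == "__main__":
    # Constructed sample: placeholder host from the page plus invented registrations.
    host = "env-xxxxxx.customer.cloud.microstrategy.com"
    registered = expected_redirect_uris(host)[:-1] + [
        f"http://{host}/MicroStrategyLibrary/auth/oidc/login",
        "https://example.invalid/MicroStrategyLibrary/auth/oidc/login",
    ]
    for kind, items in audit_redirect_uris(host, registered).items():
        print(kind, items)
```

An empty result in all three lists means the registration matches the list on this page; anything under "unexpected" or "risky" should be reviewed before enabling OIDC sign-in.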

Configure MicroStrategy Library in Workstation

  1. Open Workstation and connect to the Library environment using standard authentication with an admin privilege user.
  2. Right-click on the connected environment and choose Configure Enterprise Security.

  3. Under MicroStrategy Configuration, upload the manifest file you downloaded earlier and provide the OpenID Connect metadata document details.
  4. Click Save. For more information about enabling OpenID Connect (OIDC) authentication in Workstation, see Configure Enterprise Security.

Enable OIDC Auth Mode for MicroStrategy Library

  1. Go to the Library Admin page to enable OIDC authentication as the default for MicroStrategy Library.

    https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategyLibrary/admin

  2. In the navigation pane, click Library Server.
  3. Under Authentication Modes, select OIDC, and click Create Trusted Relationship.
  4. Log in, deselect Standard, and click Save. For more information, see Enable OIDC Authentication for MicroStrategy Library.

Configure and Enable OIDC Auth Mode for MicroStrategy Web/MicroStrategy Mobile

The procedure below refers to MicroStrategy Web. However, the same information applies to MicroStrategy Mobile unless otherwise noted.

  1. Go to the MicroStrategy Web admin page.

    https://env-xxxxxx.customer.cloud.microstrategy.com/MicroStrategy/servlet/mstrWebAdmin

  2. Locate the connected Intelligence server and click Modify.
  3. Click Setup next to the trust relationship between the Web server and MicroStrategy Intelligence server.
  4. Enter the user credentials with admin privileges and click Create Trust Relationship.
  5. In the navigation pane, click Default properties and enable OIDC Authentication.
  6. Under OIDC Configuration, complete the remaining fields.

  7. Click Save. For more information, see Enabling OIDC Authentication for JSP Web and Mobile.