Azure AD login implementation in ODC
Question

Hi,

I am working on an ODC application where I need to implement Azure AD authentication. In OutSystems 11, I previously used the Microsoft Login Connector Library, and I want to implement a similar approach in ODC. I’ve utilized the Microsoft OAuth2 Login (ODC) Forge component, but this component only includes the GetTokenOAuth2 and GetTokenOAuth2ByTenantId server actions. 

My concern is how to redirect the user to the Azure AD login page and, after login, how to create the user and assign application-specific roles. Could anyone assist with the implementation steps? 

2024-07-05 14-16-55
Daniël Kuhlmann
 
MVP

Hi,

Why use a Forge component?

ODC has out-of-the-box support for Azure AD as an external identity provider.

For more information, see:

https://success.outsystems.com/documentation/outsystems_developer_cloud/user_management/configure_authentication_with_external_identity_providers/add_azure_ad_for_use_as_external_identity_provider/

Regards,

Daniel

2024-06-08 10-51-44
Owen Corstens
Champion

This is how I have set it up as well, but there are some constraints with this approach.

For example, the timeout session of 12 hours can't be overridden, which means that you will always need to log in again through MFA (if 12 hours inactive) to get a new refresh token. If you, as a company, want a longer period before you need to fetch a new refresh token, you'll need to create your own authentication module (confirmed by OutSystems professional services).

There is also the issue that an ODC account is only created after the first login of a user, which means that changes to that user account in Azure AD are not reflected in OutSystems until the login has occurred. I do notice some improvements in ODC concerning this subject, though.

I suppose there are more limitations that I'm not thinking of now, so I can see why one would try to set it up themselves.


2024-06-08 10-51-44
Owen Corstens
Champion

@RJ D  If I were in your position and did not receive a satisfactory answer, I would consider examining the O11 component and attempting to replicate it in ODC. Most components are compatible with ODC, though they may need to be restructured as ODC components. Even if direct replication isn't possible, the underlying logic within the O11 component should provide valuable insights. Additionally, debugging the O11 component could help you understand the authentication flow, which could be beneficial in your efforts. 

2024-09-05 08-41-18
Ashis Rout

Azure AD is currently known as Azure EntraID. Configuring the IdP has built-in support in ODC, and it's easy to integrate for authentication only. If you are keen to have Azure EntraID control the groups and roles, there is a Forge component, EntraIDGraphConnector, which is an ODC component, and it will help you read the user, group and role information from EntraID. ODC now supports a whole set of APIs for users and groups, so their details can also be dynamically created and updated.

https://success.outsystems.com/documentation/outsystems_developer_cloud/odc_rest_apis/user_and_access_management_api/

Depending on your use cases, you can basically do anything you want.
