I want to configure single sign-on using Microsoft Azure AD in an OutSystems dev environment. There are multiple applications on the dev environment, but I want to configure it for specific applications (maximum 3 or 4). How can I achieve it? I also have a few doubts on the same, as mentioned below:
1) Can we enable single sign-on for specific users? For example, I have 10 users in my OutSystems user table; for two of them I want to enable single sign-on, and the rest of the users will be able to log in using the OutSystems internal login process. If yes, then what changes do I need to make on the login screen to redirect the specific users to the Azure AD portal?
2) In our application there are three dashboard pages, and based on the user role users will be redirected to a particular dashboard page. When single sign-on is enabled, how can I configure the login screen to redirect the users to the particular page based on their user role?
Please suggest and share your thoughts on the same. Thanks in advance.
Hi @Ajit Kurane,
Configuring SSO for Specific Applications in OutSystems
Register the OutSystems Application in Azure AD:
Configure OutSystems for SSO:
1. Enable SSO for Specific Users
To enable SSO only for specific users and allow others to use the default OutSystems login, you can implement a custom logic to check whether a user should use SSO or not.
Steps:
Add a Column in the Users Table:
Modify the Login Screen Logic:
    If User.UseSSO = True Then
        RedirectToAzureAD()  // Redirect to Azure AD login
    Else
        // Proceed with OutSystems internal login process
        Login(Username, Password)
    End If
Redirect to Azure AD can be achieved using an External Authentication system or the SAML 2.0 component from the Forge.
2. Redirect Users Based on Their Roles After SSO
To redirect users to different dashboard pages based on their role after a successful SSO login:
Check User Roles:
Add Logic to Redirect After Login:
    If CheckUserRole(User.Id, "Admin") Then
        RedirectToPage(AdminDashboardPage)
    ElseIf CheckUserRole(User.Id, "Manager") Then
        RedirectToPage(ManagerDashboardPage)
    Else
        RedirectToPage(UserDashboardPage)
    End If
This logic can be placed in the OnAuthentication event or directly after the login process to ensure users are directed based on their role.
Thank you so much for your response. I appreciate it very much.
After login, if I click on the log out button, I get the below error.
So if I understand the solution that you propose correctly, a user first needs to log in using OutSystems, to then only find out if we want the user to log in using Azure AD? That does not make sense to me.
If it depends on the application whether you want to use OutSystems built-in authentication or Azure AD, you need to change the default behavior of the common/login and common/logout screens to allow for both flows based on a site property value.
This way you can even accommodate that login in DEV and TEST, for example, uses OutSystems while ACCEPTANCE and PRODUCTION use Azure AD for an app, as you can configure the site property effective value per environment.
If you create a custom application template, you could use this customized authentication as described by me in the template. Then for future applications it is automatically implemented that you can choose between OutSystems and Azure AD for authentication.
Regards,
Daniel
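
The login-routing decisions discussed in this thread (a per-user SSO flag, a per-environment site property, and a role-based landing page), modelled in plain JavaScript as an added example; it is not OutSystems code and does not come from any poster. The function names, the `authMode` values (`Internal`, `AzureAD`, `PerUser`), the page paths and the user data are all assumptions constructed for illustration.

```javascript
'use strict';
// Added illustration, not OutSystems code. All names and data are hypothetical.

// Constructed stand-in for the Users table (UseSSO column) and role grants.
const USERS = new Map([
  ['alice', { useSSO: true, roles: ['Admin'] }],
  ['bob', { useSSO: false, roles: ['Manager'] }],
  ['carol', { useSSO: false, roles: [] }],
]);

// Role -> landing page, in priority order. A fixed list of internal pages.
const DASHBOARDS = [
  ['Admin', '/AdminDashboard'],
  ['Manager', '/ManagerDashboard'],
];
const DEFAULT_DASHBOARD = '/UserDashboard';

// authMode models the per-environment site property value (assumed values:
// 'Internal', 'AzureAD', 'PerUser'). Returns which login flow to start.
function chooseLoginFlow(authMode, username) {
  if (authMode === 'Internal') return 'internal';
  if (authMode === 'AzureAD') return 'azuread';
  if (authMode === 'PerUser') {
    const user = USERS.get(username);
    // Unknown usernames fall through to the internal flow, where login fails.
    return user && user.useSSO ? 'azuread' : 'internal';
  }
  throw new Error('unknown auth mode: ' + authMode); // fail closed
}

// The password path must enforce the same decision on the server; if it does
// not, the redirect on the login screen is only cosmetic.
function passwordLoginAllowed(authMode, username) {
  return chooseLoginFlow(authMode, username) === 'internal';
}

// Pick the landing page from the user's roles after a successful login.
function landingPage(roles) {
  for (const [role, page] of DASHBOARDS) {
    if (roles.includes(role)) return page;
  }
  return DEFAULT_DASHBOARD;
}

// Routing is not authorization: each dashboard re-checks the role on load.
function canOpen(page, roles) {
  const entry = DASHBOARDS.find(([, p]) => p === page);
  return entry ? roles.includes(entry[0]) : page === DEFAULT_DASHBOARD;
}
```
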
For enterprise solutions, it’s recommended to use an Identity and Access Management (IAM) solution to handle authentication, rather than modifying your OutSystems code. You can configure Single Sign-On (SSO) for all users in the Users application under Configure Authentication. Both commercial options (like OneLogin, Okta) and open-source solutions (like Keycloak) are available.