Skip to main content

Solutions

Managing authentication

Microsoft Azure AD, integration with Microsoft Azure IDP and 1E Solutions enables authentication using your existing Microsoft Azure AD/Entra ID credentials, in addition:

  • 1E Solutions users manage endpoints using the platform, based on platform role-based access control (RBAC).

  • Endpoints are not connected in any way to 1E Solutions.

  • When solution relevant events happen, data is sent to the 1E platform. 1E Solutions subscribes to those events and updates device status in real time.

    DR_-_Information_flow.png
Setting up authentication

Depending on your environment you can either create a new app or use an existing one to authenticate to 1E Solutions.

Registering a new app
  1. Login to your Microsoft Azure portal, go to App registrations.

    Solutions-RN-14.png

    Then click New registration.

    Solutions-RN-15.png
  2. Provide a name for the application and set the supported account type as shown, and add the Redirect URI:

    https://solutions.1e.com/MicrosoftLoginConnectorReactive/CallbackPage.

    DR_-_Auth_1.png
  3. Click on Register to save the app.

    SOL_Core_16.png
  4. Add a client secret to the application by clicking on Certificates & secrets.

    DR_-_Auth_2.png
  5. Click on New client secret.

    SOL_Core_17.png
  6. Add the Secret and copy the value of the newly created Secret.

  7. Share the following information with 1E for tenant registration:

    • Name.

    • Directory (tenant) ID.

    • Application (client) ID.

    • Client Secret value.

    • Admin Email: <email of the user who is going to be the admin for 1E Solutions and also is a 1E platform admin>.

Note

For more information about creating and configuring the Azure AD applications required for 1E platform SaaS instances. Refer to the latest platform documentation on https://help.1e.com/.

Using an existing app
  1. Select an existing registered application.

    DR_-_Auth_4.png
  2. Click on Redirect URIs and add the solutions url under Web Redirect URIs:

    https://solutions.1e.com/MicrosoftLoginConnectorReactive/CallbackPage.

    DR_-_Auth_5.png
  3. Share the following information with 1E for tenant registration:

    • Name.

    • Directory (tenant) ID.

    • Application (client) ID.

    • Client Secret value.

    • Admin Email: <email of the user who is going to be the admin for 1E Solutions and also is a 1E admin>.

    • Identifying Email Domain: <email domain info. eg: @1edemolab.com>

Note

For more information about creating and configuring the Azure AD applications required for 1E platform SaaS instances. Refer to the latest platform documentation on https://help.1e.com/.

API permissions for sending emails from 1E Solutions

Microsoft Graph API Application permission (Mail.Send) will enable your Solution to send notification emails to admins based on your configured metrics.

  1. Navigate to the API permission of the registered App and click on Add a permission.

  2. Select Microsoft Graph → Application permission and add Mail.Send.

    DR_-_Auth_6.png

    For details about Mail.Send refer to https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http.

  3. Click on Add permissions and Grant admin consent.

    DR_-_Auth_7.png

Note

The Mail.Send API has permission to send emails from any mailbox. It is recommended you limit the application to send email from only one mailbox. For more details refer to https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access.