
AZURECLIENTID - Detailed description


Overview

Parameter: AZURECLIENTID
Category: Login
Default value: (empty)
Product: eTASK.Login


What does this parameter do?

AZURECLIENTID stores the unique application ID (client ID) that your portal needs to authenticate with Microsoft Azure Active Directory. This ID identifies your portal installation to Microsoft Azure and enables users to log in using their Microsoft 365 accounts.


What is this parameter used for?

The parameter is used when:

  • Users are to log in to the portal using their Microsoft 365 or Azure AD accounts

  • The Azure sign-in button on the login page needs to be enabled

  • Emails are to be sent via the Microsoft Graph API

  • Exchange Online calendars are used for room bookings

  • Users need to be imported from Azure Active Directory


Technical Details

Format: GUID (Globally Unique Identifier)
Default value: (empty)

Valid value:

  • A GUID in the format: 12345678-1234-1234-1234-123456789abc

  • Example: a1b2c3d4-e5f6-7890-abcd-ef1234567890

Important notes:

  • The client ID must be entered exactly as it appears in Azure

  • Together with AZURETENANTID, this parameter forms the basis for Azure authentication

  • The parameter works in conjunction with AZURELOGINACTIVE to control Azure login

  • The GUID is not case-sensitive


When should you change this value?

Set the value (enter the GUID) if:

  • You want to enable Azure Active Directory sign-in for your users

  • You want to use Microsoft 365 integration for email sending

  • You use Exchange Online calendars for room bookings

  • You want to automatically import users from Azure AD

Leave the value blank if:

  • You use only on-premises portal accounts or classic Active Directory

  • You do not need Microsoft 365 integration

  • The Azure infrastructure has not yet been set up in your organization


Important Notes

  1. Azure app registration required
    Before you can set this parameter, your IT department must create an app registration in Microsoft Azure. You can find the client ID there in the overview as "Application ID (Client)".

  2. AZURETENANTID also required
    The client ID alone is not sufficient. You also need the tenant ID in the AZURETENANTID parameter.

  3. Configure permissions in Azure
    The appropriate API permissions must be set in the Azure app registration, depending on the desired features (sign-in, email, calendar, etc.).

  4. Set the redirect URL in Azure
    In Azure, your portal’s URL must be configured as an allowed redirect URL for sign-in to work.

  5. AZURELOGINACTIVE controls visibility
    Even if AZURECLIENTID is set, the Azure sign-in button is only displayed if AZURELOGINACTIVE is set to 1.


Security

Does changing this parameter affect security?

Yes, configuring this parameter directly affects the security of user authentication.

Positive aspects:

  • Uses Microsoft’s highly secure OAuth 2.0 authentication

  • Centralized management of user accounts via Microsoft 365

  • Supports Microsoft's multi-factor authentication (MFA)

  • No need to store passwords in the portal

Note:

  • The client ID itself is not secret, but should only be known to authorized administrators

  • The associated client secret (if used) must be treated as strictly confidential

  • Incorrect Azure permissions can lead to security vulnerabilities or data protection issues

  • The redirect URLs in Azure must be strictly limited to your portal domain

Recommendation: Use Azure AD sign-in in combination with multi-factor authentication for maximum security. Ensure that only authorized IT administrators have access to the Azure app registration, and document all configured API permissions.


Practical example

Initial scenario: A company with 500 employees uses Microsoft 365 and wants users to be able to log in to the portal with their familiar Microsoft accounts instead of managing separate portal passwords.

Configuration:

  1. IT administrator creates an app registration in the Azure Portal

  2. Copies the "Application ID (Client)": a7f3e9d1-2b4c-6d8e-9f1a-3b5c7d9e1f2a

  3. Copies the "Directory ID (Tenant)": b8e4f0e2-3c5d-7e9f-0a2b-4c6d8e0f3a4b

  4. Sets AZURECLIENTID = a7f3e9d1-2b4c-6d8e-9f1a-3b5c7d9e1f2a

  5. Sets AZURETENANTID = b8e4f0e2-3c5d-7e9f-0a2b-4c6d8e0f3a4b

  6. Sets AZURELOGINACTIVE = 1

After the change:

  • A new "Sign in with Microsoft" button appears on the portal login page

  • Users click this button

  • They are redirected to Microsoft and sign in with their usual Microsoft 365 account

  • After successful sign-in, they are automatically redirected back to the portal and are logged in

Result: Employees can use their usual Microsoft 365 credentials and benefit from the multi-factor authentication that is already set up. The IT department no longer needs to manage separate portal passwords.


Recommended setting

For standard installations: (empty) (not configured)

Reason:

  • Azure integration requires additional configuration in Microsoft Azure

  • Not all customers use Microsoft 365 or Azure Active Directory

  • The default state enables classic login methods

Exceptions (Microsoft 365 environments):

  • Set the client ID from your Azure App Registration if you use Microsoft 365

  • Combine with AZURETENANTID and AZURELOGINACTIVE for full Azure integration

  • Highly recommended for companies with a comprehensive Microsoft 365 infrastructure

Tip: Test Azure login with a test user first before enabling it for all employees. Ensure that the redirect URLs in Azure exactly match your portal URL, including http/https and ports.
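
A pre-flight check for the rules on this page (GUID format, the three parameters set consistently, redirect URLs limited to the portal and matching its scheme and port), as an added example that is not eTASK code. The function names, the dict of parameter values, the portal URL and the list of redirect URLs copied from the app registration are assumptions; only scheme, host and port are compared because this page does not give the portal's callback path.

```python
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)
DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """(scheme, host, port) of a URL, with the default port made explicit."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)

def check_azure_login(params, portal_url, redirect_urls):
    """Return a list of findings; an empty list means the settings are consistent."""
    client = params.get("AZURECLIENTID", "").strip()
    tenant = params.get("AZURETENANTID", "").strip()
    active = params.get("AZURELOGINACTIVE", "").strip() == "1"
    findings = []
    # Assumption: AZURETENANTID holds a GUID, as in the practical example.
    for name, value in (("AZURECLIENTID", client), ("AZURETENANTID", tenant)):
        # GUIDs are not case-sensitive, so the pattern ignores case.
        if value and not GUID_RE.fullmatch(value):
            findings.append(f"{name} is not a GUID")
    if bool(client) != bool(tenant):
        findings.append("AZURECLIENTID and AZURETENANTID must be set together")
    if active and not (client and tenant):
        findings.append("AZURELOGINACTIVE=1 without both IDs set")
    if client:
        portal = origin(portal_url)
        if portal not in [origin(u) for u in redirect_urls]:
            findings.append("no redirect URL matches the portal scheme, host and port")
        for url in redirect_urls:
            if origin(url)[1] != portal[1]:
                findings.append(f"redirect URL outside the portal domain: {url}")
    return findings

# Constructed sample: IDs from the practical example above, hypothetical URLs.
SAMPLE = {
    "AZURECLIENTID": "a7f3e9d1-2b4c-6d8e-9f1a-3b5c7d9e1f2a",
    "AZURETENANTID": "b8e4f0e2-3c5d-7e9f-0a2b-4c6d8e0f3a4b",
    "AZURELOGINACTIVE": "1",
}

if __name__ == "__main__":
    registered = ["http://portal.example.com:8080/", "https://login.example.net/"]
    for finding in check_azure_login(SAMPLE, "https://portal.example.com/", registered):
        print("FINDING:", finding)
```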

