Register 4Matrix with Microsoft identity platform (Azure Active Directory)

Register a new application using the Azure portal for 4Matrix

1. Sign in to the Azure portal using either a work or school account.

2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the appropriate Azure AD tenant.

3. In the left-hand navigation pane, select the Azure Active Directory service, and App registrations > New registration.

4. When the Register an application page appears, enter your application's registration information:

    • Name - Enter a meaningful application name that will be displayed to users of the app
    • Supported account types - Select Accounts in this organizational directory only

5. Once registration is complete, the page will be redirected to the created App registration.

6. Follow the instructions below to apply the necessary settings and complete the setup.

 

Authentication Page

4Matrix Infinity

Web Platform

    • Redirect URI 
      • <Site_URL>/User/Azure 
    • Front-channel logout URL
      • <Site_URL>/ User/LogOff 
    • Implicit grant and hybrid flows
      • Select ID tokens (used for implicit and hybrid flows)
    • Supported account types
      • Select Accounts in this organizational directory only

4Matrix Desktop

Mobile & Desktop applications Platform 

 

Certificates & Secrets Page

4Matrix Infinity

    • Create a new client secret
    • Please take a note of Value of the secret as this will not be visible after creation and need to be added to Infinity configuration settings.

 

API Permissions Page

4Matrix Infinity

    • Add a permission
    • Select Microsoft.Graph and Delegated permissions and add following permissions
      • User.Read
      • Group.Read.All
    • Admin consent is required for Group.Read.All and need to be set.

4Matrix Desktop

    • Add a permission
    • Select Microsoft.Graph and Delegated permissions and add following permissions
      • User.Read
      • Group.Read.All
    • Admin consent is required for Group.Read.All and need to be set.

 

Add the App Registration details to 4Matrix and/or Infinity to get started.

4Matrix Infinity

    • Open IIS Manager on the server where Infinity is installed.
    • Select the site
    • In Features View (Middle Pane), select Configuration Editor under Management section
    • Ensure appSettings is selected in the Section dropdown, click on the right cell with value Count - At the right end of the cell, click on the ellipsis button and a Collection Editor window will appear.
    • Keys with prefix Ida: needs to be populated
      • ClienId, TenantId can be obtained from the overview of App Registration
      • AADInstance is https://login.microsoftonline.com/{0}
      • Client Secret is the noted Value after creating the secret in Azure Portal
      • Domain will be your account in the top-right corner in the portal (Ex: <Domain_Name>.com)
      • RedirectURI and PostLogoutRedirectURI are the URLs added to Authentication page in the App Registration.

4Matrix Desktop

    • Open 4Matrix Client as Admin user
    • Go to School Settings under Admin section.
    • Enter ClientID and TenantID in the Azure AD section at the bottom of the window.

 

Add Security Groups for Authorisation

    • Add security groups and name of the groups should be same as the Authentication Key.
    • You will find the Authentication Keys in Manage Users page under Admin Section in Groups tab.
    • Add relevant users to the groups.

 

Both 4Matrix and Infinity are now setup to use Azure AD Authentication.

 

Article revised: 15/08/2022