Register 4Matrix with Microsoft identity platform (Azure Active Directory)

Important: Once the following setup is complete, a new user account will be created in the 4Matrix database the next time the user logs in to 4Matrix Infinity / Desktop using their Microsoft credentials. The new user account will require the 'Staff Tag' to be linked using 4Matrix Infinity / Desktop in the Manage Users tool to re-link Classes, Groups and Seating Plans. It is not possible for 4Matrix to create these links automatically. It is advisable to delete old user accounts once all users have logged in successfully using the new setup.

 

Register a new application using the Azure portal for 4Matrix

1. Sign in to the Azure portal using either a work or school account.

2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the appropriate Azure AD tenant.

3. In the left-hand navigation pane, select the Azure Active Directory service, and App registrations > New registration.

4. When the Register an application page appears, enter your application's registration information:

    • Name - Enter a meaningful application name that will be displayed to users of the app
    • Supported account types - Select Accounts in this organizational directory only

5. Once registration is complete, the page will be redirected to the created App registration.

6. Follow the instructions below to apply the necessary settings and complete the setup.

 

Authentication Page

4Matrix Infinity

Web Platform

    • Redirect URI 
      • <Site_URL>/User/Azure 
    • Front-channel logout URL
      • <Site_URL>/User/LogOff
    • Implicit grant and hybrid flows
      • Select ID tokens (used for implicit and hybrid flows)
    • Supported account types
      • Select Accounts in this organizational directory only

4Matrix Desktop

Mobile & Desktop applications Platform 

 

Certificates & Secrets Page

4Matrix Infinity

    • Create a new client secret
    • Copy the key under the 'Value' column and add it to Infinity Configuration Settings. Make a note of this key for future reference.

API Permissions Page

4Matrix Infinity

    • Add a permission
    • Select Microsoft.Graph and Delegated permissions, then add the following permissions:
      • User.Read
      • Group.Read.All
    • Admin consent is required for Group.Read.All and needs to be set.

4Matrix Desktop

    • Add a permission
    • Select Microsoft.Graph and Delegated permissions, then add the following permissions:
      • User.Read
      • Group.Read.All
    • Admin consent is required for Group.Read.All and needs to be set.

 

Add the App Registration details to 4Matrix and/or Infinity to get started.

4Matrix Infinity

    • Open IIS Manager on the server where Infinity is installed.
    • Select the site
    • In Features View (Middle Pane), select Configuration Editor under Management section
    • Ensure appSettings is selected in the Section dropdown, then click the right-hand cell showing the Count value. At the right end of the cell, click the ellipsis button and a Collection Editor window will appear.
    • Keys with the prefix Ida: need to be populated:
      • ClientId and TenantId can be obtained from the overview of the App Registration
      • AADInstance is https://login.microsoftonline.com/{0}
      • Client Secret is the noted Value after creating the secret in Azure Portal
      • Domain will be your account in the top-right corner in the portal (Ex: <Domain_Name>.com)
      • RedirectURI and PostLogoutRedirectURI are the URLs added to Authentication page in the App Registration.
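
A check for the Ida: values entered above, as an added example that is not 4Matrix's own code: it parses an appSettings section and flags the mistakes this step invites, such as pasting the Secret ID instead of the secret's Value. The exact key spellings (Ida:ClientId, Ida:ClientSecret and so on), the hostnames and every sample value are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample appSettings; key spellings and values are assumptions.
SAMPLE = """<configuration><appSettings>
  <add key="Ida:ClientId" value="11111111-2222-3333-4444-555555555555" />
  <add key="Ida:TenantId" value="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" />
  <add key="Ida:AADInstance" value="https://login.microsoftonline.com/{0}" />
  <add key="Ida:ClientSecret" value="99999999-8888-7777-6666-555555555555" />
  <add key="Ida:Domain" value="example.com" />
  <add key="Ida:RedirectURI" value="http://infinity.example.com/User/Azure" />
  <add key="Ida:PostLogoutRedirectURI" value="https://infinity.example.com/User/LogOff" />
</appSettings></configuration>"""

def check_ida_settings(config_xml):
    """Return a list of problems found in the Ida: appSettings keys."""
    root = ET.fromstring(config_xml)
    # Key names are compared case-insensitively (assumed spellings).
    s = {a.get("key", "").lower(): (a.get("value") or "").strip()
         for a in root.iter("add")}
    problems = []
    for name in ("clientid", "tenantid"):
        if not GUID.match(s.get("ida:" + name, "")):
            problems.append(f"{name}: not a GUID from the App Registration overview")
    if s.get("ida:aadinstance") != "https://login.microsoftonline.com/{0}":
        problems.append("aadinstance: must be https://login.microsoftonline.com/{0}")
    secret = s.get("ida:clientsecret", "")
    if not secret:
        problems.append("clientsecret: empty")
    elif GUID.match(secret):
        # In the portal the Secret ID column is a GUID; the Value column is not.
        problems.append("clientsecret: looks like the Secret ID, not the Value")
    for name, path in (("redirecturi", "/user/azure"),
                       ("postlogoutredirecturi", "/user/logoff")):
        url = urlparse(s.get("ida:" + name, ""))
        if url.scheme != "https":
            problems.append(f"{name}: not an https URL")
        if not url.path.rstrip("/").lower().endswith(path):
            problems.append(f"{name}: path should end with {path}")
    return problems

if __name__ == "__main__":
    for p in check_ida_settings(SAMPLE):
        print("FAIL", p)
```

The URLs it accepts must still match, character for character, the ones entered on the Authentication page of the App Registration.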

4Matrix Desktop

    • Open 4Matrix Client as Admin user
    • Go to School Settings under Admin section.
    • Enter ClientID and TenantID in the Azure AD section at the bottom of the window.

 

Add Security Groups for Authorisation

    • Add security groups; the name of each group should be the same as the Authentication Key.
    • You will find the Authentication Keys on the Groups tab of the Manage Users page, under the Admin section.
    • Add relevant users to the groups.

 

Both 4Matrix and Infinity are now set up to use Azure AD Authentication.

 

Article revised: 15/08/2022