Register Enginsight in Azure AD

First, register Enginsight as a new APP in your Azure Active Directory. To do this, you can simply follow the step by step instructions from Microsoft.

After you have successfully registered Enginsight, you only need to add your clientId, clientSecret or clientCertificate to the Enginsight configuration.

Customizing the Enginsight configuration

1. Open the configuration file in an editor of your choice, for example nano.

nano /opt/enginsight/enterprise/conf/services/config.json

2. In the "microsoftAuthenticationLibrary" section, enter the data from your Azure AD.

"microsoftAuthenticationLibrary": [{
    "scope": "\\@.*",
    "clientId": "",
    "clientSecret": "",
    "clientCertificate": {
      "thumbprint": "",
      "privateKey": ""
    },
    "authority": "https://login.microsoftonline.com/<TENANT_ID>"
  }],

The scope allows you to restrict the configuration to a specific AD domain. In most cases, no restriction will be necessary and you will not need to adjust the value.

You get the clientId from your Azure AD, also called applicationId there.

The same applies to clientSecret.

As an alternative to clientSecret, you can also work with a clientCertificate. Please follow the Microsoft documentation to issue a certificate.

The TENANT_ID is your Azure AD directoryId

Example of a correct configuration:

"microsoftAuthenticationLibrary": [{
    "scope": "\\@.*",
    "clientId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx",
    "clientSecret": "xxxxx~xxxxxxxxx.xxxxxxxxx",
    "authority": "https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
  }],

3. Save the new configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

4. Navigieren Sie in /opt/enginsight/enterprise

./setup.sh

Login via Microsoft Office 365

After successful setup, simply select the appropriate authentication method and log in with your mail address.