Show/Hide Toolbars

Inventu Viewer+ Azure AD Configuration

Navigation: » No topics above this level «

Configuring Azure Active Directory for a New Inventu Viewer+ Server

Scroll Prev Top Next More

This page will guide you through the process of configuring a new Azure AD application that integrates with your Viewer+ FVTerm web application so that Azure AD becomes the security system for users accessing FVTerm.




1.You must have a Azure AD Signin that has administrative rights to your Azure AD configuration.  

2.Your Viewer+ server must have a DNS name configured in your network--you can start with a server that is not fully accessible on the internet, but will eventually need a full DNS name for the Viewer+ server to configure in the Azure AD management pages.

3.Your IIS server must have an active SSL/TLS certificate.  If you do not have a trusted certificate from an issuing authority, you can use the IIS server node's "Server Certificates" page and use the "Create Self-Signed Certificate" action.

4.Your IIS web site for FVTerm must have the https binding activated--this is in the site's "Bindings" configuration dialog--add https if it is missing.




to Azure Management Page


Open Azure Management in order to access the Azure AD --


This will open your Azure management as of July, 2018, you use the "blade" menu on the far left--scroll down to Azure Active Directory, select it, then select App Registrations in the next "blade":

clip0001         clip0002



This will display the applications for your organization in the next page (if any) -- Click on New Application Registration:




Add a new Application-- use an appropriate name for the servers that will be supporting this application.


Accept the default Web app / API application type...


Next, enter the signon from requirements # 2 (above) that your users will utilize to access the FVTerm application--if you are testing, enter the test server URL as you will be accessing it.  Remember that it must be HTTPS.  The URI of the ID is a unique identifier like the namespace for a web service--choose a unique URI ID that matches patterns for any other URI ID's in your organization.  Use just the "FVTerm" for the URL portion, not the full web page url.  Once you've entered click on Create...



The application is now created in Azure AD--now you need to capture two key text strings that will be used when configuring FVTerm.


Click on the "Settings" icon / link



Next click on Properties:




The App ID URI we need for our FVTerm configuration -- copy it to the clipboard and paste to a "scratch" text file:clip0010



The next step is to obtain the finger prints (also called thumb prints) for the active Certificates used to encrypt and validate the sign-on with Azure AD.  This requires you to view the endpoint document for the new application just created and copy the certificate to the clipboard.  First step is to grab the URL to access the endpoints XML document...exit the new application details back to the list of your applications.




Click on Endpoints to access the key URL's about your company, application and so on:




This will display the endpoint URL's -- you are interested in the FEDERATION METADATA DOCUMENT url--copy the URL to the clipboard and/or your scratchpad text document:






 Next Step: Configuring Inventu Viewer+ FVTerm for Azure AD