Prerequisites
This article describes the technical configuration of OIDC/SSO for an existing LiveView publication site.
The configuration typically requires collaboration between:
- A server administrator responsible for your 2c8 server
- An administrator of your Identity Provider (for example, Entra ID or AD FS)
Before proceeding, ensure that you:
- Have started creating a LiveView publication site
- Have selected OIDC as the access control method
- Have access to the LiveView server configuration
- Have an Identity Provider that supports OpenID Connect (OIDC)
The feature has been tested with:
If you have not yet created a LiveView publication site, first follow the article:
Configure OIDC with Microsoft Entra ID
After selecting OIDC as the access control method, the fields required for OIDC configuration will be displayed.
The values are retrieved from the Microsoft Entra Admin Center. These values are typically provided by your Identity Provider administrator, while the server administrator is responsible for entering them in the 2c8 configuration.
The steps below describe how to obtain the required values from Microsoft Entra.
| LiveView Field | Retrieved From |
| Callback URL | Used as the Redirect URI in Entra ID |
| Client ID | Application (client) ID |
| Client Secret | Client secret value |
| Discovery URI | Entra ID OpenID configuration endpoint |
Create an App Registration in Microsoft Entra ID
- Sign in to the Microsoft Entra Admin center
- Go to App registrations
- Click New registration
Configure the Redirect URI
- Copy the value from the Callback URL field in the LiveView configuration.
- In Entra ID, paste the address into the Redirect URI field
- Click Add
Create a Client Secret
- Go to:
Certificates & secrets - Click New client secret
- Enter a name and select an expiration period
- Click Add
- Copy the value from the Value field
Important: The value is displayed only once.
Retrieve the Client ID
- Go to Overview
- Copy:
- Application (client) ID
- Directory (tenant) ID
Configure OIDC in LiveView
Enter the following values in the LiveView configuration:
| Fält | Värde |
| Client ID | Application (client) ID |
| Client Secret | Value from Client Secret |
Enter the Discovery URI
In the Discovery URI field, enter:
https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration
Replace:
<tenant-id>
with your Directory (tenant) ID from Entra ID.
Grant API Permissions
- Go to API permissions
- Click Grant admin consent
Manage User Access
- Go to Enterprise applications
- Open the application registration
- Go to Properties
Here you can choose whether to allow all users in your organization or restrict access to specific users or groups.
Allow All Users
Set:
Assignment required = No
Restrict Access to Specific Users or Groups
- Set:
Assignment required = Yes - Go to Users and groups
- Add the users or groups that should have access
- Click Save
Complete the Configuration
Once all fields have been completed, you can create or update the LiveView publication site.
Configure OIDC with Microsoft AD FS
After selecting OIDC as the access control method, the fields required for OIDC configuration will be displayed.
The values for these fields are retrieved from Microsoft AD FS. These values are typically provided by your Identity Provider administrator, while the server administrator is responsible for entering them in the 2c8 configuration.
The steps below describe how to obtain the required values.
Prerequisites
Before proceeding, ensure that you have:
- Active Directory Federation Services (AD FS) 2016 or later
- Started creating a LiveView publication site
- Selected OIDC as the access control method in the LiveView configuration
Enter the Discovery URI
In the Discovery URI field, enter:
https://customer.2c8.com/adfs/.well-known/openid-configuration
Create an Application Group in AD FS
- Open AD FS
- Go to Application Groups
- Click Add Application Group
Select the Application Type
- Enter a name for the application
- Select:
Server application accessing a web API - Click Next
Configure the Client ID
- Copy the value from Client Identifier
- Paste the value into the Client ID field in the LiveView configuration
- Click Next
Configure the Redirect URI
- Copy the value from the Callback URL field in the LiveView configuration
- Paste the address into the Redirect URI field in AD FS
- Click Add
- Click Next
Configure the Client Secret
- Copy the value from Client secret
- Paste the value into the Client Secret field in the LiveView configuration
- Click Next
Configure the Web API
The Identifier field must contain a value.
- Enter any valid value
- Click Add
- Click Next
Select an Access Control Policy
- Choose which Access Control Policy should be used.
The policy determines which users are allowed to access the publication. - Click Next
Select Permissions
- Under Application Permissions, select:
- openid
- Complete the wizard
Complete the Configuration
- Return to the LiveView configuration
- Verify that all OIDC fields have been completed
- Click Update
The OIDC/SSO configuration is now complete.
Comments
0 comments
Please sign in to leave a comment.