Authenticating with Microsoft Azure AD or Okta

Xtraction supports the use of Microsoft Azure AD and Okta as authentication providers. This enables end users to authenticate with their Okta or Azure AD credentials when logging into the Xtraction web client.

As a prerequisite, you need to create Xtraction as an application in Azure AD, Okta, or both before configuring the authentication in the Xtraction Settings utility. For details, see this Xtraction community article: Configuring Microsoft Azure AD and Okta for Xtraction authentication. (You may first need to register with the community to view it.)

Once you've completed the procedures in the community article, follow the procedure below to configure authentication for Azure AD or Okta. You can do this as part of Xtraction setup or any time afterward.

To configure Azure AD or Okta authentication

Before starting, make sure you have access to the information saved after completing the procedures in the Xtraction community article listed above. For Azure AD, this is the tenant ID, client ID, and client secret. For Okta, this is the authority URI, client ID, and client secret.

1.Open the Xtraction Settings utility. You can find the utility with the other installed Xtraction files (by default at C:\Program Files (x86)\Xtraction Software\Xtraction\Tools).

2.Click the Authentication tab.

3.Click Click here to add a new row to add Azure AD or Okta as an authentication provider.

4.In the Edit dialog, open the Type drop-down and select Azure AD Auth or Okta Auth.

5.Fill in the fields exactly as shown below; some will require the information you saved earlier.

Use the Edit dialog to configure an authentication provider.

Active: Select to make the authentication method active. If you clear this check box to deactivate this authentication method at a later date, the settings will continue to be saved.

Id: Enter the ID any way you like, but it must include AzureAD (as one word) or Okta in the name. This ID isn't case sensitive.

Provider: Enter a name that will clearly identify the authentication provider on the Xtraction login page.

URL: For Azure AD, enter /#/auth/azure-ad-auth?type=AzureAD. For Okta, enter /#/auth/okta-auth?type=Okta.

Auto Create Users: Select if Xtraction should automatically create a user who has been authenticated by the provider but doesn’t exist within Xtraction. These users are automatically assigned the default user role(s) that you can set up under the Features tab of this utility. It's recommended that you enable this option.

At any time after setup, you can edit permissions for individual users via the Administration link > User Administration tab at the bottom of the Xtraction web client.

Authority: For Azure AD, enter For Okta, enter the authority URI that you saved earlier.

Tenant ID: Enter the information saved earlier. This field isn't available for Okta.

Client ID: Enter the information saved earlier.

Client Secret: Enter the information saved earlier.

Redirect URI: For Azure AD, enter /api/auth/signin-oidc?type=azuread. For Okta, enter /api/auth/signin-oidc?type=okta. Important: For both products, this URI needs to be in all lowercase letters.

Post Logout Redirect URI: Enter /#/logout.

Post Auth Redirect URI: Enter /#/authenticated.

Auth Provider Name: Enter AzureAD (as one word) or Okta.

6.Click Update, then click OK.

7.Execute an IIS reset from an administrator command prompt.

To test the authentication configuration

1.Open the Xtraction web client. The login page will take a moment to load.

2.You should see a button for each newly configured authentication provider. Select one and sign in as required. When authenticating with Okta for the first time, you'll go through a two-factor sign-in process to validate the login.

Custom authentication methods on the Xtraction login page.

If sign-in is successful and the Xtraction UI displays, the configuration is fully working.