Overview

AppsAnywhere currently supports OAuth 2.0 with two providers:

  • Azure Active Directory (this page)

  • Active Directory Federation Services (described by OAuth 2.0 ADFS)

The method you use will depend on the system you are trying to link AppsAnywhere to. This guide will take you through setting up OAuth 2.0 within Azure AD.

The OAuth Azure AD SSO method will not work if the SamAccountName does not match the first part of the UPN (e.g. the firstname.lastname part of firstname.lastname@domain.org) attribute for users.

In this instance, use the SAML Azure SSO method which allows the configuration of attributes in the response returned to AppsAnywhere from the identity provider.

Before You Begin

  1. Log into your institution's Azure Portal as a system administrator

  2. On the left hand menu, click Azure Active Directory

  3. On the Azure AD sub menu, click App registrations

  4. Click New registration

  1. Enter a name for the new app (we recommend AppsAnywhere)

  2. Enter the address of your AppsAnywhere site, including the /sso/oauth2/your-custom-url path in the Redirect URI box.  Leave the type as Web.

  3. Click Register

Ensure that the your-custom-url portion of the Sign-on URL matches the "URL Identifier" you are using/planning on using for the OAuth 2.0 method within AppsAnywhere.

You should only be setting up Azure AD SSO with a production environment, so be sure to use your secure, certified, load balanced address for the Sign-on URL.

  1. Make a note of the Application ID displayed in the main pane

  2. On the right-hand menu, click Certificates & Secrets

Another pane will then open where you can create a Secret that AppsAnywhere will use to authenticate with Azure.

  1. To create a new Secret, click New client secret.

  2. Type appsanywhere into the Description field.

  3. Change the Expires value to Never

  4. Click Add

  5. Make a note of the Value displayed. This will not be available once you leave this screen.

Configuring AppsAnywhere

Now that you have set up Azure to accept communications from AppsAnywhere, you are ready to configure AppsAnywhere to authenticate with Azure.

The OAuth 2.0 page provides details on how you can do this - just make sure to pick OAuth Azure!

Creating an Office 365 Tile

One of the big benefits of having Azure AD SSO is that you can now advertise your AppsAnywhere portal as a tile on your institution's Office 365 menu. 

Setting this up is incredibly simple if you follow the instructions below:

In order to enable Azure AD SSO access, you will first need to configure your Azure AD environment to permit AppsAnywhere access. To do this, follow the steps below:

  1. Log into your institution's Azure Portal as a system administrator

  2. On the left hand menu, click Azure Active Directory

  3. On the Azure AD sub menu, click App registrations

  4. Click New registration

  1. Enter a name for the new app (we recommend AppsAnywhere)

  2. Enter the address of your AppsAnywhere site, including the /sso/oauth2/your-custom-url path in the Redirect URI box.  Leave the type as Web.

  3. Click Register

You should only be setting up Azure AD SSO with a production environment, so be sure to use your secure, certified, load balanced address for the Sign-on URL

You will then be directed back to the App registrations screen where you should now see your app in the list.

  1. Make a note of the Application ID displayed in the main pane

  2. On the right-hand menu, click Certificates & Secrets

Another pane will then open where you can create a key that AppsAnywhere will use to authenticate with Azure.

  1. To create a new Secret, click New client secret.

  2. Type appsanywhere into the Description field.

  3. Change the Expires value to Never

  4. Click Add

  5. Make a note of the Value displayed. This will not be available once you leave this screen.

  1. Log into your Office 365 Admin interface as an administrator

  2. On the left-hand menu go to Settings > Organization profile

  3. Look for the (possibly 4th) section on the page titled Add customer tiles for your organization

  4. Click Edit

A dialog box will open where any existing custom tiles are listed and you will have the ability to add a new tile.

  1. Click Add a custom tile

You will now see a dialog that allows you to set up your new tile. Enter the information required as follows:

  1. Enter AppsAnywhere as your Tile name

  2. Enter the production-ready, secure, certificated, load-balanced URL of your AppsAnywhere portal in the URL box

  3. Give the tile a Description that your users will see when they hover over the tile

  4. Enter the public URL of an image you wish to use for the tile for the Image URL

  5. Click Save

Your users will now see the AppsAnywhere tile on their Office 365 menu and be able to move straight into AppsAnywhere without having to re-authenticate.