OpenID Connect

Log in to Vertec via OpenID Connect

Product line: Standard | Expert

Operating mode: CLOUD ABO | ON-PREMISES

Modules: Services & CRM, Budget & Phases, Purchases, Resource Planning, Business Intelligence

Created: 13.09.2023
Updated: 30.01.2024 | Note added: OpenID Connect ID can only be used for one user and must be entered before enabling OpenID Connect.

Basics OpenID Connect

OpenID Connect is an application of the OAuth standard with a focus on confirming a user's identity (authentication). The implementation is based on Microsoft 365 and Entra ID (formerly Azure AD).

Vertec obtains a token from Entra ID. Several steps are taken to ensure that Vertec and Entra ID can trust each other and that the user has authenticated with Entra ID.

The ID token contains a unique user ID that is assigned to a specific Vertec user and is used to log in to Vertec.

The advantages of such integration are:

  • Single Sign On: There is no need to log in separately to Vertec if the user is already logged in to the other system (Microsoft 365).
  • Centralized credential management: Logins are maintained only in one place. If a Microsoft 365 login is blocked, it is no longer possible for this user to log in to Vertec.
  • Extended authentication options: Vertec also has access to the full range of authentication methods offered by Entra ID (2FA, Dongle, Windows Authentication).

Prerequisite for using Vertec with OpenID Connect

The Vertec instance, and thus all callback URLs, must be accessible via the Internet for authentication via OpenID Connect to work.

Register Vertec with Entra ID

For the OpenID Connect integration to work with Entra ID, the Vertec installation must be registered in Entra ID. The procedure is as follows:

  1. In the Azure portal, select Microsoft Entra ID (formerly Azure Active Directory).
  2. Create a new registration under App registrations:
    • Assign a name (e.g. Vertec).
    • Under Supported account types, select Accounts in this organizational directory only.
    • Save the new app registration by clicking Register.
    • Write down the Application (client) ID shown on the overview page of the new registration. It will be needed in later steps.
  3. Enter a new redirect URI entry for Web on the Authentication page of the app registration. The Authentication page can be reached via the navigation tree or from the overview page via the link next to Redirect URIs.
    • Click + Add a platform and select Web.
    • The URL must match the URL under which the Vertec instance can be reached, followed by openidcallback. Example: https://meinefirma.vertec-cloud.com/openidcallback.
    • Click Add.
  4. Enter a new redirect URI entry for mobile/desktop:
    • Click + Add a platform and select Mobile and desktop applications.
    • Enter the callback URL as a custom redirect URI:
      ms-appx-web://Microsoft.AAD.BrokerPlugin/<App-ID>
      where the app ID is the application (client) ID of the app registration created in step 2.
    • If the Phone App is to be used, additionally tick the checkbox for the predefined MSAL redirect URI.
    • Click Add.
  5. For the
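A check for the redirect URIs from steps 3 and 4, as an added example that is not Vertec or Microsoft code: it derives the two expected entries from the instance URL and the application (client) ID and reports anything in the app registration that is missing or unexpected. The function names, the `allowed_extra` parameter (for entries enabled on purpose, such as the predefined MSAL URI), the HTTPS-only rule and the sample GUID are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
BROKER_PREFIX = "ms-appx-web://Microsoft.AAD.BrokerPlugin/"

def expected_uris(instance_url, client_id):
    """The two redirect URIs that steps 3 and 4 ask for."""
    parts = urlsplit(instance_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("instance URL must be an https URL")  # assumption: HTTPS only
    if not GUID.match(client_id):
        raise ValueError("application (client) ID is not a GUID")
    return {"web": instance_url.rstrip("/") + "/openidcallback",
            "broker": BROKER_PREFIX + client_id}

def audit(configured, instance_url, client_id, allowed_extra=()):
    """Compare configured redirect URIs with the expected ones; return findings."""
    want = expected_uris(instance_url, client_id)
    host = urlsplit(instance_url).hostname
    findings = [f"missing {kind} redirect URI: {uri}"
                for kind, uri in want.items() if uri not in configured]
    for uri in configured:
        if uri in want.values() or uri in allowed_extra:
            continue  # exact string match only, no normalisation
        parts = urlsplit(uri)
        if "*" in uri:
            reason = "wildcard"
        elif uri.startswith(BROKER_PREFIX):
            reason = "broker URI for a different app ID"
        elif parts.scheme != "https":
            reason = "not https"
        elif parts.hostname != host:
            reason = "other host"
        else:
            reason = "not the expected callback path"
        findings.append(f"unexpected redirect URI ({reason}): {uri}")
    return findings

# Constructed sample: host taken from the page's example URL, GUID made up.
INSTANCE = "https://meinefirma.vertec-cloud.com"
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
CONFIGURED = [
    "https://meinefirma.vertec-cloud.com/openidcallback/",  # trailing slash
    BROKER_PREFIX + "<App-ID>",                             # placeholder left in
    "http://meinefirma.vertec-cloud.com/openidcallback",    # plain http
]

if __name__ == "__main__":
    for line in audit(CONFIGURED, INSTANCE, CLIENT_ID):
        print(line)
```

Each sample entry differs from the expected value by a small detail, so the audit reports both expected URIs as missing in addition to the three unexpected entries.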