Senseforce 2.0 Manual

Active Directory & SSO Setup

This page describes how to configure Azure Active Directory to authenticate users of your Paze.Industries platform and how to add new users after the initial setup.

Last updated 1 year ago

Setup Azure Active Directory for Paze.Industries

  1. Navigate to your Azure portal (eg. )

  2. In the portal, navigate to App registrations

  1. Click on New registration

  2. Fill in the input fields as follows:

  • Name: “Paze.Industries IIoT Platform” (you can decide how you want to name it in your organization)

  • Supported account types: Single-tenant

  • Redirect URI: Leave empty for now

  1. Click “Register”

  2. In the next screen, note down the “Application (client) ID” as well as the “Directory (tenant) ID” and send this information to your Customer Success contact at Paze.Industries.

  1. On the same screen, click on Add a Redirect URI

  2. In the next screen, click on Add a platform and select Web as your platform

  1. In the next screen, fill in the form as follows:

  • Redirect URIs: The URI of your Paze.Industries application + some redirect path. Enter https://[yourPazeDomain].paze.industries/signin-oidc/[yourtenant]

  • Front-channel logout URL: Leave empty

  • Tick Access tokens and ID tokens (important!)

  1. Click on “Configure”.

  2. In the next screen, click on “Add URI” and enter your backend-redirect URL. Click on “Save” to finalize.

The URI to enter is of the following format: https://[yourbackend].paze.industries/signin-oidc/[yourtenant]. You can find the [yourbackend] URL by navigating to your Paze.Industries application’s login screen in the browser. The URL which is shown during login is your [yourbackend]. In the example below, [yourbackend] equals “galaxyapi”.

  1. Inform Paze.Industries that you’ve registered Paze.Industries as an AD application. Please also provide the ClientId and TenantId, as described in the earlier steps.

  2. After Paze.Industries activates the integration, one of your Azure AD admins needs to navigate to the Paze.Industries application and log in. The very first time a tenant logs in to Paze.Industries with an Azure Active Directory user, you need to grant admin consent to the application.

  3. Navigate to your Paze.Industries application. Now your login screen provides another login option. Click on the blue external login button:

  1. Log in with one of your Azure Active Directory users and grant the permissions, as shown below. Make sure to “Consent on behalf of your organization”, so that other users can log in without this screen popping up.

Congratulations, your Azure Active Directory integration is ready to be used by your organization's users.
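The settings chosen in the steps above can be checked against an export of the app registration. The following is an added example, not Paze.Industries code: it assumes the registration is available as a Microsoft Graph application object (for instance the JSON printed by `az ad app show`), and the sample objects, the host names in them and the allowed tenant characters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Redirect URI shape from this page: https://<name>.paze.industries/signin-oidc/<tenant>
HOST = re.compile(r"[a-z0-9-]+\.paze\.industries")
PATH = re.compile(r"/signin-oidc/[A-Za-z0-9_-]+")  # tenant charset is an assumption

def audit_registration(app):
    """Return findings for a Graph-style application object; [] means it matches the page."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # value used for single-tenant apps
        findings.append("not single-tenant")
    web = app.get("web") or {}
    grants = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grants.get(flag):
            findings.append(f"{flag} is not ticked")
    if web.get("logoutUrl"):
        findings.append("front-channel logout URL is set")
    uris = web.get("redirectUris") or []
    if len(uris) < 2:
        findings.append("application and backend redirect URIs are not both present")
    for uri in uris:
        u = urlsplit(uri)
        # netloc == hostname rules out ports and user-info tricks such as user@host
        if not (u.scheme == "https" and u.netloc.lower() == u.hostname
                and HOST.fullmatch(u.hostname or "") and PATH.fullmatch(u.path)
                and not u.query and not u.fragment):
            findings.append(f"unexpected redirect URI: {uri}")
    return findings

# Constructed sample objects (not taken from a real tenant).
GOOD = {"signInAudience": "AzureADMyOrg", "web": {
    "redirectUris": ["https://acme.paze.industries/signin-oidc/acme",
                     "https://galaxyapi.paze.industries/signin-oidc/acme"],
    "logoutUrl": None,
    "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                              "enableIdTokenIssuance": True}}}
BAD = {"signInAudience": "AzureADMultipleOrgs", "web": {
    "redirectUris": ["http://acme.paze.industries/signin-oidc/acme",
                     "https://acme.paze.industries.example.net/signin-oidc/acme"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                              "enableIdTokenIssuance": False}}}

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_registration(app))
```

A redirect URI that is not on the expected host or path is worth removing from the registration, since Azure AD will deliver sign-in responses to any URI listed there.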

Assign Paze.Industries groups to external Active Directory users or AD groups

Users who log in with Azure Active Directory don’t have any permissions in the Paze.Industries application by default. To add permissions, they need to be assigned to a Paze.Industries group. To simplify the workflow, the assignment between users and groups is done in Azure Active Directory.

To set it up, follow these steps:

  1. Create a Paze.Industries group and assign permissions (as with “classic” Paze.Industries user management)

  2. Make a note of the group ID - open the group in the Paze.Industries app and look at the URL - the GUID at the end is the group ID (highlighted in red in the screenshot).

  1. Navigate to your Azure Portal, go to “App registrations”, open your “Paze.Industries IIoT Platform” registered app, and click on “Create app role”. In the next screen, fill out the input fields as follows:

  • Display name: Azure Active Directory visible name of this app role - can be defined on your own.

  • Allowed member types: Users/Groups

  • Value: Needs to be “senseforce.[Paze.Industries group id]” (with the group id being found in the step above). Example: senseforce.108f08e1-7bdb-4397-854c-093790f52722

  • Description: Any description helping you to manage your app roles.

  1. Click “Apply”. Your app role is now created.

  2. Repeat this step for any further Paze.Industries groups. Note: This step only needs to be done once per Paze.Industries group.

  3. In your Azure portal, navigate to Enterprise Applications.

  1. Open your “Paze.Industries IIoT Platform” (Note: App registrations are automatically added as Enterprise Applications)

  2. Click “Assign Users and Groups”.

Tip: Assigning individual users to app roles can be cumbersome. It is better practice to add a role assignment to an AD group. All users in this AD group automatically inherit the group's roles, which makes adding new users very easy.

  1. In the next screen click “Add user/group”.

  2. In the next screen, select the user or AD group as well as the corresponding app role created in the steps before.

  3. Click “Assign”. As a result, the selected user or group is assigned to this app role.

Tip: You can add multiple app role assignments per user or group. So if you want a user to be assigned to multiple Paze.Industries groups, create multiple app roles and multiple enterprise user assignments.
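A mistyped app role value is easy to miss, because the user can still sign in but ends up without the intended group. The following added example (not Paze.Industries code) checks the `appRoles` entries of an exported app registration against the “senseforce.[group id]” format and a list of group IDs noted from the platform. The role names and the second GUID are constructed, and treating the GUID case-insensitively is an assumption, since the page does not say how the platform compares it.

```python
import re

GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
ROLE_VALUE = re.compile(r"senseforce\.(" + GUID + r")")  # format required by this page

def check_app_roles(app_roles, known_group_ids):
    """Split app roles into {name: group id} that look right and {name: reason} that do not."""
    known = {g.lower() for g in known_group_ids}
    mapped, problems = {}, {}
    for role in app_roles:
        name = role.get("displayName", "<unnamed>")
        match = ROLE_VALUE.fullmatch(role.get("value") or "")
        if not match:
            problems[name] = "value is not senseforce.<group id>"
        elif match.group(1).lower() not in known:
            problems[name] = "group id is not one noted from the platform"
        elif "User" not in role.get("allowedMemberTypes", []):
            # "Users/Groups" in the portal is stored as "User" in the exported object
            problems[name] = "allowed member types is not Users/Groups"
        elif not role.get("isEnabled", False):
            problems[name] = "app role is disabled"
        else:
            mapped[name] = match.group(1).lower()
    return mapped, problems

# Group IDs copied from the platform URLs: the page's example plus one constructed GUID.
KNOWN_GROUPS = ["108f08e1-7bdb-4397-854c-093790f52722",
                "11111111-2222-4333-8444-555555555555"]

# Constructed appRoles entries, in the field layout of an exported app registration.
SAMPLE_ROLES = [
    {"displayName": "Operators", "allowedMemberTypes": ["User"], "isEnabled": True,
     "value": "senseforce.108f08e1-7bdb-4397-854c-093790f52722"},
    {"displayName": "Service", "allowedMemberTypes": ["User"], "isEnabled": True,
     "value": "108f08e1-7bdb-4397-854c-093790f52722"},          # prefix missing
    {"displayName": "Admins", "allowedMemberTypes": ["Application"], "isEnabled": True,
     "value": "senseforce.11111111-2222-4333-8444-555555555555"},
    {"displayName": "Old", "allowedMemberTypes": ["User"], "isEnabled": True,
     "value": "senseforce.99999999-2222-4333-8444-555555555555"},  # unknown group
]

if __name__ == "__main__":
    ok, bad = check_app_roles(SAMPLE_ROLES, KNOWN_GROUPS)
    print("mapped:", ok)
    print("problems:", bad)
```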

How to add new users after initial setup

Assuming you have added all your Paze.Industries groups as app roles as described above and have created AD groups with the corresponding app roles, adding new users works as follows:

  1. Add a new Azure AD user

  2. Add this user to one of your AD groups which have one or several app roles

The user is now able to log in and has permissions as defined with the app roles.

Info: There are 3 fields for the name in the Active Directory. The "Name", the "Family Name" and the "Given Name". Family Name and Given Name are mapped 1 to 1 into the corresponding Paze.Industries field. If only the "Name" is filled in, it will be mapped to the Family Name in Paze.Industries.

Other details

Forgot password

If an external user wants to engage in the forgot password flow, an error message is prevented.

External login button

If an Azure AD integration is configured, a new, blue, external login button is added.
