Azure AD

In the default installation of webPDF the users are read from the XML database "conf/users.xml". It is also possible to use the users from an AzureAD, i.e. an online Active Directory.

You set the AzureAD via the Admin Portal of the server under the item "Server > User source".

Azure AD Registration

To use the Azure AD as a user source, you must register an application on the Azure Portal:

To do this, go to "Azure Active Directory > App registrations" in Azure AD and create a new application there. Select "Supported account types" according to your requirements.

If the application was created using "Register", note the "Application ID" (clientId) from the "Overview" page, as this is required for the configuration. It is also important that the option "Allow public client flows >Enable the following mobile and desktop flows" under "Authentication > Advanced settings" is set to "Yes".

Manual configuration

By adjusting the settings in "conf/server.xml" the user database can be changed.

caution

If possible, use the server's Admin Portal to modify the user database.

To use the users from an AzureAD, you need to add the "azureAd" entry in "user":

<user roleUserGroup="webPDFUser" roleAdminGroup="webPDFAdmin">  
    <azureAd authority="https://login.microsoftonline.com/organizations/"  
             clientId="4c0f....-....-....-....-......650a68"  
             scope="user.read"/>  
</user>

In the "azueAD" entry you have to specify the login URL "authority" of the AzueAD. You also need to configure the "clientId" (ID of the application's registration on the Azure AD portal).

Use the entries "roleAdminGroup" and "roleUserGroup" to define the group names to be assigned to the webPDF groups "user" and "admin". Change the group names to your AD groups:

<user roleAdminGroup="webPDFAdmin" roleUserGroup="webPDFUser">

After all adjustments have been made, the webPDF server must be restarted so that all settings are activated and users are read.