Installing the Jet Service Tier / Jet Hub with Azure Active Directory

Overview

When you first start the Jet Setup program, you will be asked to select the type of user management your organization uses.

Assuming you have an Azure account for your organization and that you have already created an Azure Active Directory, you can create Microsoft Client Applications that allow you to use Azure Active Directory to manage your users within Jet Products.

This functionality does not require additional or premium licensing on the part of Azure Active Directory.

Register your App

1. Log in to your Azure portal (portal.azure.com)

2. Navigate to your Azure Active Directory

3. Click on App registrations

   • Click on +New registration to register a new app

   

   • Give your app a name
   • Under Supported Account Types, select Account in this organizational directory only (This is the default setting)
   • Under Redirect URI (optional), select the type of Web and enter your Jet Hub URL

     This entry must start with https:// and contain the base URL that your users will use to sign in to your Jet Hub. The URL could contain the machine name to which you will install Jet Hub or the DNS entry for this site. Examples are:
     https://myservername.mydomain.com
     https://dnsname.mydomain.com

   • Click Register

   

Configure your App

Now that your app is registered, there are additional settings that are needed.

1. Navigate to the Authentication page

   

   • Add the following additional Redirect URIs of type Web:

     • https://<JetHubURL>/account/logout
     • https://<JetHubURL>/signin-aad
     • https://<JetHubURL>/identity/signin-aad
     • https://<JetHubURL>/identity/external/callback

       Replace "<JetHubURL>" with what you specified above for your Jet Hub URL.

       Double-check your entries to insure there are no misspellings as this can cause the Jet Hub web client to not function correctly.

   • Add the following logout redirect under Front-channel logout URL
     • https://<JetHubURL>/account/logout
   • Check the boxes for Access tokens and ID tokens to enable implicit grant and hybrid flow
   • Click Save
     

2. Navigate to Certificates & secrets, click+New client secret to set up your Client Secret

   

   • Give your client secret a description, select when it expires, then click 'Add'.

     24 months is recommended for the Jet app expire option.

     Copy the generated secret value and paste into Notepad (or other text editor) for saving.

     This will be your only chance to copy it, and it will be required information during the install of Jet Products. If you forget to copy it, you can just create another secret.
     

     

3. Navigate to API permissions tab, click+Add a permission, APIs my organization uses, Microsoft Graph. 

   

4. Select Application permissions

   
   • Expand Directory and check Directory.Read.All
   • Expand Group and check Group.Read.All
   • Click Add permissions
   

5. Click Add permissions, again. Select APIs my organization uses then Microsoft Graph. 

   • Select Delegate permissions
   
   • Expand Group and check Group.Read.All
   • Click Add permissions
   

6. From the API Permissions page, click on the Grant admin consent for <DomainName> button. Then, click Yes in the confirmation dialog.

   

7. Go to the Overview page and copy the Application (Client) ID and the Directory (tenant).

   

Install Jet Reports

Note: Not all steps are shown, just those pertaining directly to configuring for use with Azure Active Directory

1. Run Jet Setup.exe

2. When prompted, Enter the Jet Hub URL. Click Next.

   

3. Select Azure Active Directory. ClickNext

   

4. Enter the Client Application details that you saved to Notepad and click Next.

   

5. On the Jet Service Tier settings page, sign into an Office 365 account.  This will be the first user and administrator in the Jet Service Tier and Jet Hub. Click Next to continue the install.