Hello,
I'm configuring SAML Azure authentication and I need synchronization of users and groups.
In your guide you use a client secret to access data, but in my application I can't use it and I must use a certificate.
How is it possible to use the certificate instead of client-secret in dataminer.xml configuration?
Thanks
Hi Emanuele,
DataMiner uses the Microsoft Graph API of EntraID (aka Azure Active Directory) to get info about users and groups.
For that we follow this procedure:
Get access without a user - Microsoft Graph | Microsoft Learn
To do requests, DataMiner will retrieve an access token first from the /oauth2/v2.0/token endpoint.
cf. Request an access token - Microsoft Graph | Microsoft Learn
I don't immediately see how this will work without a client secret?
Is there an alternative way to get a token via some certificate?
If there is a way, this is currently not supported.
Indeed it does mention it.
I cannot find any details on how it works though.
Maybe something to investigate for the future, but unfortunately I can confirm that this is not supported right now.
The only options to set up EntraID right now are a client secret or credentials (username & password).
What is the reason you cannot use a client secret?
Security topic.
I try to push to have one client secret.
Microsoft page you mention says:
A client secret (application password), a certificate, or a federated identity credential.
Honestly I don’t know which of the three are mandatory or optional.
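
For reference, this is what the certificate option looks like in a request to the /oauth2/v2.0/token endpoint: the `client_secret` field is replaced by a `client_assertion`, a short-lived JWT signed with the certificate's private key. This is an added example, not part of the thread and not DataMiner configuration (which, per the answer above, does not support it); the tenant, client ID and file names are placeholders, and it uses the RS256 / `x5t` form of the assertion.

```shell
#!/bin/sh
# Added example with placeholder inputs; requires the openssl CLI.
# The private key stays on this host: only the signed assertion is sent.

b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# make_client_assertion <tenant> <client_id> <cert.pem> <key.pem>
# Prints a signed JWT that takes the place of client_secret.
make_client_assertion() (
  tenant=$1; client_id=$2; cert=$3; key=$4
  now=$(date +%s); exp=$((now + 300))   # short lifetime limits replay
  jti=$(openssl rand -hex 16)            # unique id per assertion
  # x5t = base64url(SHA-1 of the DER certificate); identifies which
  # uploaded certificate the signature should be checked against.
  x5t=$(openssl x509 -in "$cert" -outform DER | openssl dgst -sha1 -binary | b64url)
  header=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$x5t" | b64url)
  claims=$(printf '{"aud":"https://login.microsoftonline.com/%s/oauth2/v2.0/token","iss":"%s","sub":"%s","jti":"%s","nbf":%s,"exp":%s}' \
    "$tenant" "$client_id" "$client_id" "$jti" "$now" "$exp" | b64url)
  sig=$(printf '%s' "$header.$claims" | openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$claims" "$sig"
)

# token_request_body <client_id> <assertion>
# Prints the form-encoded POST body; note there is no client_secret field.
token_request_body() {
  printf 'grant_type=client_credentials&client_id=%s' "$1"
  printf '&scope=https%%3A%%2F%%2Fgraph.microsoft.com%%2F.default'
  printf '&client_assertion_type=urn%%3Aietf%%3Aparams%%3Aoauth%%3Aclient-assertion-type%%3Ajwt-bearer'
  printf '&client_assertion=%s\n' "$2"
}

# Stand-alone use: sh assertion.sh <tenant> <client_id> cert.pem key.pem
if [ "$#" -eq 4 ]; then
  token_request_body "$2" "$(make_client_assertion "$@")"
fi
```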