Entra ID OAuth2

Based on your application type, refer to the appropriate section for Entra ID OAuth2 configuration:

Once the Entra ID OAuth2 configuration is ready, you can add users and groups to erwin Mart Portal.

Before you configure Entra ID OAuth2, ensure that you have responded to the questionnaire from your Quest Support representative so that they can provide the Redirect URI for your instance. If you did not receive the questionnaire, reach out to your Quest Support representative.

To configure Entra ID OAuth2 for erwin Mart Portal on-cloud authentication, follow these steps:

  1. Log in to the Microsoft Entra admin center and go to the App registrations page.

    Microsoft Entra admin center

  2. Click New registration. On the Register an application page, enter an appropriate name, supported account type, and the Redirect URI provided by Quest Support.

    Register an application page

    The Contoso support account type is used for registration.

    Adding the Redirect URI is optional at this stage and can be updated later.

  3. Click Register.

  4. Go to Certificates & secrets.

    Certificates and secrets page

  5. Click New client secret.

  6. Enter a Description. Then, click Add.

  7. Copy the auto-generated value highlighted in the following image.

    Certificates and secrets page displaying the client secret value

  8. Go to API permissions.

    API Permissions page displaying the Add a permission option

  9. Click Add a permission.

    Request API permissions page displaying the Microsoft Graph option

  10. Click Microsoft Graph.

    Request API Permissions page displaying Application permissions

  11. Select Application permissions.

  12. Search and expand Group and select Group.Read.All permission. Then, click Add permissions.

    Request API permissions page adding group permissions

  13. Go to Add a permission> Microsoft Graph > Application permissions again. Search and expand User and select User.Read.All permission. Then, click Add permissions.

    Request API permissions page adding user permissions

  14. On the API permissions page, under the Configured permissions section, click Grant admin consent for Contoso.

    Page displaying the Grant admin consent for Contoso option

  15. Go to the Authentication page and click Add Redirect URI.

    Authentication page diaplaying the Add redirect URI option

  16. Click Web.

    Select a platform to add redirect URI page

  17. Enter the Redirect URI, and then click Configure.

    18. Add Redirect URI page

  18. Go to the Overview page and note the Application (client) ID and Directory (tenant) ID. Graph scope and Client URI are default.

    Overview page displaying cleint ID and tenant ID

  19. Share the following details with the Mart Cloud Support team:

    • Tenant ID: The Directory (tenant) ID copied in step 18.

    • Graph Scope: The Microsoft Graph permission scope requested for acquiring an access token. For example, https://graph.microsoft.com/.default.

    • Client ID: The Application (client) ID copied in step 18.

    • Client URI: The base URI. For example, https://login.microsoftonline.com/

    • Client Secret: The auto-generated value copied in step 7.

Once the support team authenticates erwin Mart Portal for you, you can move to users and groups in erwin Mart Portal at https://<your_instance>.myerwin.com/MartPortal.

To configure Entra ID OAuth2 for erwin Mart Portal on-premises authentication, follow these steps:

  1. Log in to the Microsoft Entra admin center and and go to the App registrations page.

    Microsoft Entra admin center

  2. Click New registration. On the Register an application page, enter an appropriate name, supported account type, and the Redirect URI provided by Quest Support.

    The Contoso support account type is used for registration.

    Adding the Redirect URI is optional at this stage and can be updated later.

  3. Click Register.

  4. Go to Certificates & secrets.

    Certificates and secrets page

  5. Click New client secret.

  6. Enter a Description. Then, click Add.

  7. Copy the auto-generated value highlighted in the following image.

    Certificates and secrets page displaying the client secret value

  8. Go to API permissions.

    API Permissions page displaying the Add a permission option

  9. Click Add a permission.

    Request API permissions page displaying the Microsoft Graph option

  10. Click Microsoft Graph.

    Request API Permissions page displaying Application permissions

  11. Select Application permissions.

  12. Search and expand Group and select Group.Read.All permission. Then, click Add permissions.

    Request API permissions page adding group permissions

  13. Go to Add a permission> Microsoft Graph > Application permissions again. Search and expand User and select User.Read.All permission. Then, click Add permissions.

    Request API permissions page adding user permissions

  14. On the API permissions page, under the Configured permissions section, click Grant admin consent for Contoso.

    Page displaying the Grant admin consent for Contoso option

  15. Go to the Authentication page and click Add Redirect URI.

    Authentication page diaplaying the Add redirect URI option

  16. Click Web.

    Select a platform to add redirect URI page

  17. Enter the Redirect URI, and then click Configure.

    18. Add Redirect URI page

  18. Go to the Overview page and note the Application (client) ID and Directory (tenant) ID. Graph scope and Client URI are default.

    Overview page displaying cleint ID and tenant ID

  19. For Mart Portal on-premise, on the erwin Mart Portal Configuration screen, click the Authentication tab, select Entra ID OAuth2, and configure the following parameters for SSO:

    • Tenant ID: Paste the Directory (tenant) ID copied in step 18.

    • Graph Scope: Enter the Microsoft Graph permission scope requested for acquiring an access token. For example, https://graph.microsoft.com/.default.

    • Client ID: Paste the Application (client) ID copied in step 18.

    • Client URI: Enter the base URI. For example, https://login.microsoftonline.com/

    • Client Secret: Paste the auto-generated value copied in step 7.

      • SSO Entra ID Authentication

  20. Click Configure.

Your erwin Mart Portal is now authenticated via Entra ID OAuth2.

You can move to users and groups in erwin Mart Portal

Adding Users in erwin Mart Portal

To add your Entra ID users to erwin Mart Portal, follow these steps:

  1. Log in to the erwin Mart Portal as an administrator.

  2. Go to Application Menu > Users.
    The Users page appears.

    Users

  3. Click Add User.
    The Add User page opens.

    Entraiduser

  4. In the User Type field, select Entra ID User and add details in the Username, Display Name, Email Address, and Confirm Email Address fields.

  5. Click Save.

The user has been added.

Adding Groups in erwin Mart Portal

To add your Entra ID groups to erwin Mart Portal, follow these steps:

  1. In the Microsoft Entra admin center, click Groups > All groups > Download groups.

  2. Log in to the erwin Mart Portal as an administrator.

  3. Go to Application Menu > Users.
    The Users page opens.

    Users

  4. Click Add User.
    The Add User page appears.

  5. Under User Type, select Entra ID Group.

    Entraidgroups

  6. Under Group name, select the group that you want to add.

  7. In the Email Address field, enter your email address.

  8. Click Save.

The group has been added.