SystemWeaver introduces a third alternative sign-in method beyond username/password and the existing Network ID authentication. Microsoft Entra ID (formerly known as Azure Active Directory) authentication can now be used in the swExplorer and swArchitect clients and the ClientAPI. This update provides the added benefit of multi-factor authentication (MFA), single sign-on (SSO), easier offboarding, etc.


Server

To use Entra ID authentication for SystemWeaver, the main server installation needs one additional configuration file, Systemite.SystemWeaver.TcpSubServer.exe.json, which is provided in your Bö (R50) upgrade delivery. (A separate .json is not needed for mirror server installations.)


Example:

{
  "AzureAd": {
    "TenantId": "b4444444-c222-3333-ba2a-6666666ab6ad",
    "ClientId": "88888888-eeee-4444-ace4-6555555be66c",
    "RedirectUri": "http://localhost/",
    "Scopes": "User.Read;http://print.microsoft.com/PrintSettings.Read"
  }
}


1. Copy the provided example .json file to your main server installation.

2. Open the file in a text editor app and replace the dummy values for "TenantId", "ClientId", and "RedirectUri" with valid values from your Azure AD:

TenantId: (Required) The unique ID of your Azure AD tenant (organization).

ClientId: (Required) The Application (client) ID for your registered app in Azure AD.

RedirectUri: (Required) The callback URL that Azure Active Directory (Azure AD) will redirect the user to after they sign in or grant permissions. The redirect URI must be registered exactly the same in your Azure AD app registration under “Authentication” → “Redirect URIs”.

Scopes: (Optional) Custom scopes are also supported. If there is more than one scope, separate them with ";".

3. Save your changes and remove the .example suffix from the file name.

4. Restart the server.

5. A SystemWeaver Administrator must enter the Entra IDs in the SystemWeaver user accounts.
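
A check that can be run on the edited file before the server is restarted, as an added example that is not part of the SystemWeaver delivery. The names check_config and SAMPLE are hypothetical, and the rules come from the field descriptions above plus Microsoft's rule that plain http redirect URIs are only accepted for loopback addresses; they are not the server's own validation.

```python
import json
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Dummy values from the example file shown above; they must be replaced.
DUMMY = {"b4444444-c222-3333-ba2a-6666666ab6ad",
         "88888888-eeee-4444-ace4-6555555be66c"}
# Constructed sample: dummy TenantId left in, http on a non-loopback host,
# and a trailing ";" in Scopes. All values are made up for this example.
SAMPLE = """{"AzureAd": {
  "TenantId": "b4444444-c222-3333-ba2a-6666666ab6ad",
  "ClientId": "0f0f0f0f-1a1a-4b4b-8c8c-9d9d9d9d9d9d",
  "RedirectUri": "http://sw.example.com/",
  "Scopes": "User.Read;"}}"""


def check_config(text):
    """Return a list of problems in the .json text (empty list means OK)."""
    try:
        section = json.loads(text).get("AzureAd")
    except (ValueError, AttributeError) as exc:
        return [f"not a valid JSON object: {exc}"]
    if not isinstance(section, dict):
        return ['missing "AzureAd" section']
    problems = []
    for key in ("TenantId", "ClientId"):
        value = section.get(key)
        if not isinstance(value, str) or not GUID.match(value):
            problems.append(f"{key}: required, must be a GUID")
        elif value.lower() in DUMMY:
            problems.append(f"{key}: still the dummy value from the example")
    uri = section.get("RedirectUri")
    try:
        parsed = urlparse(uri) if isinstance(uri, str) else None
        host = parsed.hostname if parsed else None
    except ValueError:
        parsed = host = None
    if parsed is None or not parsed.scheme:
        problems.append("RedirectUri: required, must be an absolute URI")
    elif parsed.scheme == "http" and host not in ("localhost", "127.0.0.1"):
        # Entra ID app registrations accept plain http only for loopback.
        problems.append("RedirectUri: http is only accepted for localhost")
    scopes = section.get("Scopes")  # optional, ";"-separated
    if scopes is not None and (not isinstance(scopes, str)
                               or not all(s.strip() for s in scopes.split(";"))):
        problems.append('Scopes: expected non-empty entries separated by ";"')
    return problems


if __name__ == "__main__":
    for problem in check_config(SAMPLE):
        print(problem)
```

An empty list means the file parses and every field passes; the RedirectUri must still match the value registered in the app registration, which this check cannot see.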



Note: There are a number of additional files in the installations for Entra ID. 


Set up User Accounts for Entra ID

To set up user accounts for Entra ID authentication, enter the user's User Principal Name (UPN) from Entra ID in the Entra ID field in their user profile using the swAdmin2 client. 



As before, a user account must have at least one of the following login alternatives saved in their profile: 

  • Network ID
  • Entra ID
  • Password


An Entra ID can only be used in one user account. 




Note: Although not a breaking change, if an older swAdmin2 client is used, the Network ID value will appear parsed. We recommend using the new client.


Sign in with Microsoft

If your organization has configured a SystemWeaver server to accept Entra ID authentication, you can click the Sign in with Microsoft button to use your Entra ID to log in. The first time that you log in, you will need to grant access to the application to use Entra ID. 


Next, choose the Windows Entra ID account to use for sign in. 


Note: Support for use with the swAdmin2 client is not included with this release. 



ClientAPI: Support for Entra ID

We support Entra ID login with our Client API as well.


There is a new NuGet package for using Entra ID login with the Client API. This package is called SystemWeaver.EntraID and can be used together with SystemWeaver.Connection as an add-on to enable Entra ID login.


To use Entra ID login, set the AuthenticationMethod to the new enum value EntraIdAuthentication:


SWConnection.Instance.AuthenticationMethod = AuthenticationMethod.EntraIdAuthentication;



Notes: 

  • With this release, there is a limitation where the NuGet package is not compatible with .NET Core, which means that SystemWeaver.Connection.Core does not support Entra ID login.
  • Support for use with the SystemWeaver RestAPI is not included.