From Web Port version 2.23.3, you can use Kiona Identity/Single Sign-On (SSO) as a login method. This keeps you logged in with a Kiona ID, so you can switch between Kiona applications (Edge, Energinet, IWMAC & Web Port) without having to log in multiple times.
NOTE!
HTTPS must be configured on your Web Port server in order to use Kiona Identity.
Read more about configuration of SSL here
Activate Kiona Identity/SSO
To activate Kiona Identity/SSO, first go to System settings/Server and click Authentication-settings.
Check the box "Enable Kiona Identity" (1), and the settings for it will appear below (2).
NOTE!
The "Obligatory Group" option is optional. Select it if non-admin users must be assigned to this group to be able to log in.
Tip!
You can set the default authentication to Kiona Identity (KIONA ID). The login screen then changes from the local login to a new screen, so users are forced to log in with Kiona Identity.
To access the standard Web Port login, add access/login to the URL,
e.g. http://localhost:8090/access/login
Information
If Kiona Identity is the default authentication, you don't need to create a password or PIN when adding users. Created users will instead receive an email with a link to a page where they create their own password and set up their account. Keep in mind that the email could end up in the user's junk folder.
Note!
If Kiona Identity is enabled, 2-factor authentication is disabled under connections.
Kiona Identity settings
There are 3 settings to use:
Setting | Description |
Tenant id | External Azure AD Tenant Id |
Migrate users to Kiona id (checkbox) | This will migrate all users that have an email address filled in under Access/Users |
Enable multi-factor authentication (checkbox) | Enable multi-factor authentication for all Kiona Identities |
NOTE!
Tenant ID is only needed if External Azure AD is used. Otherwise leave blank.
The configuration of Kiona Identity is now done and it is ready to use. If you are using an external Azure AD database for SSO, continue with the instructions below.
Setting up Tenant ID for External Azure AD
Azure Active Directory tenant ID must be provided.
Tenant ID will be found here in Azure:
Once the Tenant ID (1) is entered, the Grant Permissions button (2) will appear.
Clicking the button (2) opens a new tab that requires signing in to Microsoft. (This should be done by an admin user of Azure Active Directory.)
Once the admin user signs in, the following popup is shown. The admin should tick the checkbox "Consent on behalf of your organization" and click Accept so that all users within the AAD are granted the permissions.
Mapping groups
Group ID will be found here in Azure:
Groups are mapped by adding the group ID from Azure to the group in Web Port.