IPBan Pro Web Admin 4.0.0 and later supports Azure SSO. Here are the steps to enable it:
1] Log into Azure portal and search for Entra ID.
2] Click app registrations, create a new app, and name it IPBan Pro.
3] In app -> authentication settings, set your sign-in callback URL to https://yourdomain.com/signin-oidc and your logout callback URL to https://yourdomain.com/signout-oidc. Under “Implicit grant and hybrid flows”, enable only ID tokens.
4] In app -> app roles, add four roles: Administrator, Guest, Whitelister, Blacklister. Name, value, and description can all be the same.
5] Create groups for each role, or if your Azure plan doesn’t allow groups, just create individual users.
6] Go to enterprise applications and select your app, then click manage -> users and groups.
7] For each group or user, click on them and then find the assigned roles label with a number underlined next to it. Click the number to add/remove roles from the group or user.
8] Add the following JSON element to your appsettings.json and restart the web admin service:

    "OpenId": {
        "Authority": null, // use https://login.microsoftonline.com/common for multi-tenant/external users
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "{0}.onmicrosoft.com", // {0} is replaced by tenant id
        "TenantId": "[Guid_from_Azure_portal]", // use common for multi-tenant/external users
        "ClientId": "[Guid_from_Azure_portal]",
        "CallbackPath": "/signin-oidc", // must setup in Azure portal
        "SignedOutCallbackPath": "/signout-oidc", // must setup in Azure portal
        "LogoutUrl": "", // override logout url, use {0} for ClientId placeholder. Example for Microsoft: https://login.microsoftonline.com/common/oauth2/logout?client_id={0}
        "ValidateIssuer": true, // set to false for multi-tenant/external users
        "Prompt": "select_account" // login, none, consent, select_account. See https://learn.microsoft.com/en-au/entra/identity-platform/v2-oauth2-auth-code-flow
    }
These values can be found on app registrations -> your app -> overview.
When this OpenId element is present in the appsettings, local BASIC authentication is used only for the client machines; everyone else must exist in the Azure portal.
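As an added example (not part of IPBan Pro or its documentation), a small Python check that strips the // comments from an appsettings.json OpenId block, as .NET tolerates them, and flags the settings above that contradict each other: a non-GUID TenantId or ClientId, ValidateIssuer left true with a multi-tenant authority, ValidateIssuer false on a single-tenant setup (which would accept ID tokens from any tenant), and callback paths that do not match the URLs registered in step 3. The embedded appsettings fragment and its GUID are constructed sample values.

```python
import json
import uuid
# Constructed sample appsettings.json fragment (JSON with // comments, as .NET allows)
SAMPLE_APPSETTINGS = """
{
  "OpenId": {
    "Authority": null, // use https://login.microsoftonline.com/common for multi-tenant
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "common",
    "ClientId": "11111111-2222-3333-4444-555555555555",
    "CallbackPath": "/signin-oidc",
    "SignedOutCallbackPath": "/signout-oidc",
    "ValidateIssuer": true
  }
}
"""

def strip_comments(text):
    """Drop // line comments outside JSON strings (keeps https:// inside values)."""
    out, in_str, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == '"' and (i == 0 or text[i - 1] != "\\"):
            in_str = not in_str
        if not in_str and text.startswith("//", i):
            nl = text.find("\n", i)
            i = len(text) if nl == -1 else nl
            continue
        out.append(ch)
        i += 1
    return "".join(out)

def is_guid(value):
    try: return bool(uuid.UUID(str(value)))
    except ValueError: return False

def check_openid(settings_text):
    """Return a list of findings for the OpenId block; an empty list means the settings are consistent."""
    cfg = json.loads(strip_comments(settings_text))["OpenId"]
    multi = cfg.get("TenantId") == "common" or str(cfg.get("Authority")).endswith("/common")
    validate = cfg.get("ValidateIssuer", True)
    checks = [
        (not multi and not is_guid(cfg.get("TenantId")), "TenantId must be the tenant GUID or 'common'"),
        (not is_guid(cfg.get("ClientId")), "ClientId must be the app registration GUID"),
        (multi and validate, "multi-tenant authority with ValidateIssuer=true: external tenants are rejected"),
        (not multi and not validate, "single tenant with ValidateIssuer=false: tokens from any tenant accepted"),
        (cfg.get("CallbackPath") != "/signin-oidc", "CallbackPath must match /signin-oidc registered in Azure"),
        (cfg.get("SignedOutCallbackPath") != "/signout-oidc", "SignedOutCallbackPath must match /signout-oidc"),
    ]
    return [msg for failed, msg in checks if failed]
```

Run check_openid on your own appsettings.json text before restarting the service; the sample above yields one finding because it pairs "common" with ValidateIssuer true.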