IPBan Pro Web Admin 4.0.0 and later supports Azure SSO. Here are the steps to enable it:

1] Log into Azure portal and search for Entra ID.

2] Click app registrations, create a new app, and name it IPBan Pro.

3] In app -> authentication settings, set your callback url and logout url to https://yourdomain.com/signin-oidc and https://yourdomain.com/signout-oidc, respectively. Also set under “Implicit grant and hybrid flows” to use only ID tokens.

4] In app -> app roles, add four roles: Administrator, Guest, Whitelister, Blacklister. Name,value, description can all be the same.

5] Create groups for each role, or if you Azure plan doesn’t allow groups, just create individual users.

6] Go to enterprise applications and select your app, then click manage -> users and groups.

7] For each group or user, click on them and then find the assigned roles label with a number underlined next to it. Click the number to add/remove roles from the group or user.

8] Add the following json element to your appsettings.json and restart the web admin service:

“OpenId”:
{
“Instance”: “https://login.microsoftonline.com/”,
“Domain”: “[TenantId].onmicrosoft.com”,
“TenantId”: “[Guid_from_Azure_portal]”,
“ClientId”: “[Guid_from_Azure_portal]”,
“CallbackPath”: “/signin-oidc”, // must setup in Azure portal
“SignedOutCallbackPath”: “/signout-oidc” // must setup in Azure portal
}

These values can be found on app registrations -> your app -> overview.

When this OpenId element is in the appsettings, the local authentication is only used for the client machines. Everyone else must exist in the Azure portal.