Setting up Entra ID authentication in Factry Historian
Requirements

Before starting, make sure you have completed the app registration process. You can find the full instructions here: Registering an app in Entra ID.

You will need:
- Tenant ID – the unique identifier for your Azure AD tenant
- Client ID – the application's identifier created during app registration
- Client Secret – the secret generated for the application in Azure AD

Configure authentication

1. In Factry Historian, go to Configuration > Server Settings > Authentication Providers.
2. Click Create Provider.
3. Fill in:
   - Name – a friendly name for the authentication provider
   - Tenant ID – your Azure AD tenant's unique ID
   - Client ID – the app's unique ID from Azure
   - Client Secret – the secret corresponding to the Client ID
4. Decide whether to enable group mapping (allows Azure groups to map to Historian user groups).
5. Decide whether security groups or app roles are used to determine the groups which the user is added to.
6. Click Save & Test to verify the configuration.

If the test is successful, configure user mapping:

1. Enable group mapping to map user groups defined in Azure to user groups defined in Historian (with certain privileges attached).
2. In Azure AD, find the object IDs of the security groups or app roles you want to use. These can be found in the group overview.
3. In Factry Historian, assign these to the corresponding Historian user groups. This will automatically assign users to the correct groups when they log in.

Test authentication and user mapping

1. Log out of Factry Historian.
2. Try logging in using your Azure AD account.
3. Check:
   - if login succeeds without errors
   - if the correct user groups and permissions are applied

Troubleshooting

User has no privilege to login

- If no group mapping is enabled in Historian (see screenshot) → you must manually add the user to a group in Historian to grant privileges.
- If group mapping is enabled in Historian (see screenshot) → group mapping is either not picked up correctly, or the mapped group is incorrect.

Error AADSTS50011: The redirect URI 'http://localhost:8000/api/auth/microsoft/callback' specified in the request does not match the redirect URIs configured for the application

The Historian URL does not match the redirect URL configured in the Azure AD app registration. Learn more here: https://aka.ms/redirectUriMismatchError

Common issues:
- In Factry Historian – the authentication base URL was changed, but Historian was not restarted. This must be correctly set during setup.
- In Azure app registration – incorrect redirect URI saved, such as wrong Historian base URL or incorrect authentication provider name.
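
An added example (not from the Factry documentation) for the AADSTS50011 case above: a small helper that diffs the redirect URI quoted in the error message against the URIs saved in the app registration and reports which component differs. The registered URIs are constructed sample values, and the helper is a plain component diff that does not reproduce Entra ID's own matching rules.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _parts(uri):
    # Split a URI into the components that typically cause a mismatch.
    u = urlsplit(uri)
    return {"scheme": u.scheme, "host": u.hostname or "",
            "port": u.port or DEFAULT_PORTS.get(u.scheme), "path": u.path}

def _diff(requested, registered_uri):
    """List the components in which two redirect URIs differ."""
    req, reg = _parts(requested), _parts(registered_uri)
    out = [f"{k}: requested {req[k]!r}, registered {reg[k]!r}"
           for k in ("scheme", "host", "port") if req[k] != reg[k]]
    if req["path"] != reg["path"]:
        if req["path"].rstrip("/") == reg["path"].rstrip("/"):
            out.append("path: trailing slash differs")
        elif req["path"].lower() == reg["path"].lower():
            out.append("path: letter case differs")
        else:
            out.append(f"path: requested {req['path']!r}, registered {reg['path']!r}")
    return out or ["differs outside scheme/host/port/path (query, fragment or explicit default port)"]

def diagnose(requested, registered):
    """Return {} on an exact match, else {closest registered URI: [differences]}."""
    if requested in registered:
        return {}
    if not registered:
        return {None: ["no redirect URIs registered"]}
    closest = min(registered, key=lambda uri: len(_diff(requested, uri)))
    return {closest: _diff(requested, closest)}

if __name__ == "__main__":
    # Redirect URI as quoted in the AADSTS50011 error message on this page.
    requested = "http://localhost:8000/api/auth/microsoft/callback"
    registered = [  # constructed sample values, not from the page
        "https://historian.example.com/api/auth/microsoft/callback",
        "http://localhost:8000/api/auth/entra/callback",
    ]
    for uri, problems in diagnose(requested, registered).items():
        print(f"closest registered URI: {uri}")
        for p in problems:
            print(f"  - {p}")
```

A scheme, host or port difference points at the Historian base URL; a path difference points at the value saved in the app registration.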