
Configure OAuth for Universal Controller

After setting up the Entra App for Universal Controller, we will configure OAuth Single Sign-On Settings.

Step 1

Log in to your Universal Controller instance at https://<your-uac-url>.

Step 2

Go to Administration > OAuth Single Sign-on

  • Check OAuth Single Sign-on.
  • Set User Provisioning to Web Browser Access, Web Service Access.
  • Set Issuer URI to the Issuer value in Entra you noted earlier.
  • Set Client ID to the Application (client) ID value in Entra you noted earlier.
  • Set Client Secret to the Client Secret Value in Entra you noted earlier.
  • Set Scopes to "openid", "email" and "profile".
  • Set User Id (Username) Claim name to "email".
  • Check Proof Key for Code Exchange (PKCE).
  • Set OAuth Bearer Token Validation to JWT.
  • Set Audience Claim Value to the same value as Client ID.

In the Attribute Mappings section, we will use the claim values from Entra:

  • Set First Name to "given_name".
  • Set Last Name to "family_name".
  • Set Email to "email".
  • Set Groups to "groups".
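
A pre-flight check for the settings above, as an added example that is not part of the original guide or of Universal Controller: it decodes a token's payload and reports where the "iss", "aud" and mapped claims disagree with the Issuer URI, Client ID and Attribute Mappings entered in Step 2. The function names and sample values are hypothetical and constructed, and the signature is not verified, so this is a configuration diagnostic only and does not reproduce the Controller's own JWT validation.

```python
import base64
import json

# Claim names the Controller is configured to read in Step 2.
MAPPED_CLAIMS = ("email", "given_name", "family_name", "groups")


def decode_payload(jwt: str) -> dict:
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def preflight(jwt: str, issuer_uri: str, client_id: str) -> list:
    """List mismatches between a token and the Step 2 settings."""
    claims = decode_payload(jwt)
    problems = []
    if claims.get("iss") != issuer_uri:
        problems.append(f"iss {claims.get('iss')!r} != Issuer URI")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be a list
    if client_id not in audiences:
        problems.append(f"aud {aud!r} does not contain Client ID")
    for name in MAPPED_CLAIMS:
        if not claims.get(name):
            problems.append(f"claim {name!r} missing or empty")
    return problems


def make_sample(claims: dict) -> str:  # unsigned, constructed demo token
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample values, not real tenant data.
ISSUER = "https://idp.example/tenant-placeholder/v2.0"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE = make_sample({"iss": ISSUER, "aud": CLIENT_ID,
                      "email": "user@example.com", "given_name": "Ada",
                      "family_name": "Example"})  # note: no "groups" claim

if __name__ == "__main__":
    print(preflight(SAMPLE, ISSUER, CLIENT_ID))
```

An empty list means the token carries every value the Step 2 settings refer to; each reported line names the setting or mapping to recheck.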

Step 3

Next, we will test OAuth.

At this point, Universal Controller should be configured to authenticate with Entra.

  • Sign out from Universal Controller
  • Go to https://<your-uac-url>/uc/oauth2

You will be sent to Microsoft and prompted to sign in.

At the first login, you will also be asked to give access to the Universal Controller.

Give consent and click Accept.

After that, you will be returned to Universal Controller, signed in as your OAuth user.

Step 4

We will come back here to configure Universal Portal settings after we create another Entra application.