Install the Jet Service Tier or Jet Hub with Active Directory and Single Sign-On
This features is available in Jet Reports 2019 R2 and higher.
Overview
When you start the Jet Setup program, you will be asked to select the type of user management your company uses.
The first option will configure Jet Reports for use with Active Directory. Optionally, you can use Microsoft 365 Single Sign On.
Assuming you have an Azure account for your organization and that you have already created a Microsoft Entra ID, you can create Microsoft Client Applications that allow you to use Microsoft Entra ID to manage your users within Jet Products.
This functionality does not require additional or premium licensing on the part of Microsoft Entra ID.
Register your App
-
Sign in to Azure portal (Microsoft Azure).
Important: The user signing in need not be an Azure administrator, but admin consent will be required at a specific point in the process.
Go to Microsoft Entra ID > App registrations > +New registration. The Register an application page is displayed.
In Name, provide a name for your application.
In Supported Account Types , select Account in this organizational directory only (This is the default setting).
-
In Redirect URI (optional), select Web from the dropdown and enter your Jet Hub URL.
The URL must start with https:// and contain the base URL that users use to sign in to the Jet Hub. The URL either contains the machine name on which the Jet Hub is installed or the DNS entry for the Jet Hub site.
Examples:
https://myservername.mydomain.com
https://dnsname.mydomain.com
-
Click Register.
Configure your App
Now that your app is registered, there are additional settings that are needed.
-
Go to the Authentication page.
-
In Web > Redirect URIs, add the following URIs:
https://<JetHubURL>/account/logout
https://<JetHubURL>/signin-aad
https://<JetHubURL>/identity/signin-aad
https://<JetHubURL>/identity/external/callback
Replace "<JetHubURL > " with what you specified above for your Jet Hub URL.
Double-check your entries to insure there are no misspellings as this can cause the Jet Hub web client to not function correctly.
-
In Front-channel logout URL, add the following URL:
https://<JetHubURL>/account/logout
- Select Access tokens and ID tokens to enable implicit grant and hybrid flow.
- Select Save.
-
On the Certificates & secrets tab, click +New client secret to set up your Client Secret.
- Give your client secret a description, select when it expires, then select Add.
- Copy the generated secret value and paste into notepad (or other text editor) for saving.
Go to API permissions tab, select +Add a permission , APIs my organization uses, Microsoft Graph
Select Application permissions.
Expand Directory and select Directory.Read.All.
Expand Group and select Group.Read.All.
Click Add permissions.
-
Click +Add a permission.
Select APIs my organization uses , then Microsoft Graph.
Select Delegated permissions.
Expand Group and select Group.Read.All.
Click Add permissions.
At the bottom of the API Permissions page, select the Grant admin consent for <DomainName> button. Then, selectYes in the confirmation dialog.
-
Go to the Overview page and copy the Application (client) ID and the Directory (tenant) ID to your notepad document.
These will also be required during the installation of the Jet Hub components.
Install Jet Reports
Note: Only the steps that are directly related to setting up Active Directory with Microsoft 365 Single Sign On are displayed.
Double-click Jet Reports Services Setup.
-
Enter the Jet Hub URL and select Next.
When prompted, select Active Directory and select>Enable Microsoft 365 Single Sign On. Click Next
Enter the client application details that you saved to notepad and click Next. When the install is complete, you will be able to sign in using your Microsoft 365 Account.
After creating the database, if you selected to install the Jet Service Tier, sign in using the Microsoft 365 credentials for the user you want to be the first admin in Jet Hub. Click Next