Create, deploy, and maintain analytic applications that engage users and drive revenue. See a Logi demo

Development Tips

Logi Tutorial: How to Integrate Logi with Microsoft Active Directory for Enhanced User Authentication

By Mahyar Ghasemali | April 9, 2019
Share on LinkedIn Tweet about this on Twitter Share on Facebook

This post originally appeared on dbSeer, a business analytics consulting firm and Logi Analytics partner.

As an increasing number of companies are moving their infrastructure to Microsoft’s Azure, it seems natural to rely on its Active Directory for user authentication. Logi application users can also reap the benefits of this enterprise level security infrastructure without having to duplicate anything. Additionally, even smaller companies who use Office365 without any other infrastructure on the cloud, excluding email of course, can take advantage of this authentication.

Integrating Logi applications with Microsoft’s Active Directory produces two main benefits: attaining world class security for your Logi applications, and simplifying matters by having a single source of authentication. The following post describes how this integration is done.

1. Register Your Application with Microsoft

First, register your application with Azure Active Directory v. 2.0. This will allow us to request an access token from Microsoft for the user. To do this navigate to “https://apps.dev.microsoft.com/#/appList,” and click the “Add an app” button. After entering your application name, on the following page, click the “Add Platform” button and select “Web”. Under Redirect URLs, enter the URL of your website logon page (sample format: https:////.jsp). Microsoft does not support redirects to http sites, so your page must either use https or localhost. Make note of the redirect URL and application ID for the next step.

2. Create Custom Log-on Page for Logi Application

Microsoft allows users to give permissions to an application using their OAuth2 sign-in page. This process returns an access token, which has a name, email address, and several other pieces of information embedded within which we use to identify the user.

These next steps show you how to create a log-in page that redirects users to the Microsoft sign-in, retrieves the access token, and passes whichever value you want to use to identify the employee to Logi.

1) Download the rdLogonCustom.jsp file or copy paste the contents into a file. Place it in the base folder of your application.
2) Configure the following settings within the rdLogonCustom.jsp file to match your Logi application:

Change the ‘action’ element in the HTML body to the address of your main Logi application page:


Change the “redirectUri” and “appId” in the buildAuthUrl() function to match the information from your application registration with Azure AD v2.0:

The sample log-on page redirects the user to Microsoft’s page, allows the user to sign in before redirecting back to the log-on page. At the log-on page, it parses the token for the email address, passes the value to the authentication element using the hidden input to pass as a request parameter.

If you want to use a different value from the access token to identify the user, adjust the key in the “document.getElementById(‘email’).value = payload.” in the bottom of the custom logon file to match your desired value.

3. Configure Logi App

In your _Settings.lgx file, add a security element with the following settings:

*If your log-on page and failure page have different names, adjust accordingly.
Under the security element, add an authentication element with a data layer that uses the value found in @Request.email~ to identify the user. Optionally, you can add rights and roles elements to the security element as well.

In conclusion, utilizing this integration for your Logi applicatons can not only make your process more efficient by eliminating a duplicate authentication, but it can also provide for an added level of security because of Microsoft’s robust infrastructure.

About the Author

Mahyar is an expert in business analytics, database optimization, and agile development. Before founding dbSeer, Mahyar led software development at Telarix, where he managed a globally dispersed team and focused on building scalable, high-performance business and network applications for the telecom industry. Prior to Telarix, Mahyar was head of professional services at Logi Analytics, where he oversaw the delivery of business analytics solutions in various industries, including advertising, healthcare, and telecommunications. Mahyar holds a bachelor degree in computer science from Azad University in Tehran.

Subscribe to the latest articles, videos, and webinars from Logi.