Microsoft SSO on Self Hosted Instance
Hi,
I'm running the latest release of Twenty and have added the ENV variables in the docker compose file.
AUTH_MICROSOFT_APIS_CALLBACK_URL: "https://crm.myexternaldnsdomain.com/auth/microsoft/redirect"
AUTH_MICROSOFT_CALLBACK_URL: "https://crm.myexternaldnsdomain.com/auth/microsoft-apis/get-access-token"
AUTH_MICROSOFT_CLIENT_ID: "XXXXX....."
AUTH_MICROSOFT_CLIENT_SECRET: "XXXXX......"
AUTH_MICROSOFT_ENABLED: "true"
I have added the API permissions as delegated for what's in the document.
Web Redirect URIs declared in the registered app in Microsoft Entra ID are the 2 above URLs.
The app is in Multi-Tenancy Mode.
But the login fails. I'm using "Continue with Microsoft" but it just loops, no failure or error codes.


19 Replies
I get "transient Token is required" in red in the lower right corner.
Below are my API permissions from the registered app

@Guillaume can you have a look 🙏
I redeployed the whole solution (a blank one). Now I get this issue.
I have the below config in the .env file and environment variables under server in docker-compose.yml
AUTH_MICROSOFT_APIS_CALLBACK_URL=https://crm.mydomain.com/auth/microsoft/redirect
AUTH_MICROSOFT_CALLBACK_URL=https://crm.mydomain.com/auth/microsoft-apis/get-access-token
AUTH_MICROSOFT_CLIENT_ID=xxxxxxx
AUTH_MICROSOFT_CLIENT_SECRET=xxxxxxx
AUTH_MICROSOFT_ENABLED=true
CALENDAR_PROVIDER_MICROSOFT_ENABLED=false
MESSAGING_PROVIDER_MICROSOFT_ENABLED=false
I'm a little bit confused about the below two entries! Is it my domain name or a URL from Microsoft that should be stated there?
AUTH_MICROSOFT_APIS_CALLBACK_URL=
AUTH_MICROSOFT_CALLBACK_URL=

When I set the
CALENDAR_PROVIDER_MICROSOFT_ENABLED=true
MESSAGING_PROVIDER_MICROSOFT_ENABLED=true
I get the "transient Token is required"
And when I set the above environment variables to false I get the "Microsoft apis auth is not enabled"

I have tried adding the above .env variables both to server and worker in the docker-compose.yml file, with no difference in result.
@Raphaël can you have a look since @Guillaume is in PTO 🙏
@nickponcho I feel it would be better to make a call in this case, would you be available on Friday?
I will be off on Thursday and Friday due to the sports holiday in Sweden. But all other days are working.
next Monday?
What TZ are you in? I'm available from 2pm CET
sounds good !
DMing you with my email
Hello! Is there an update on this? I am getting the same issue
We did not have any issue for a couple weeks on this topic. What is yours?
I was getting the same “Microsoft apis auth not enabled”, but after doing some testing I now have a different problem, where the redirect link that MS sends the code to isn’t able to get an access token. It hangs on the page for a while, then it sends a message in console saying that it could not fetch (screenshot)

My env:
AUTH_MICROSOFT_APIS_CALLBACK_URL=https://myurl.com/auth/microsoft-apis/get-access-token
AUTH_MICROSOFT_CALLBACK_URL=https://myurl/auth/microsoft/redirect
AUTH_MICROSOFT_CLIENT_ID=myclientid
AUTH_MICROSOFT_CLIENT_SECRET=myclientsecret
AUTH_MICROSOFT_ENABLED=true
Since most of our users don't have this issue, I would bet it's:
- a problem in your .env: your last message looks good to me though
- a problem in your Microsoft configuration: might be something to dig over there.
It could be related to roles / permissions that you gave to the app in Azure.
I checked and everything seems fine, I'm a bit confused on why the function is trying to fetch that ip, and why it's timing out. If it was a bad request it would just say so, maybe it's a problem with my firewall, but I am not sure.
The issue is fixed, it seems to have been a problem with my firewall.
👍
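
Added example, not part of the thread and not Twenty's own code: a small lint for the Microsoft auth variables discussed above, accepting both the `.env` and the compose-map form. It assumes the expected path for each variable is the one in the env block that a maintainer in this thread said looked good; the hosts and credentials in the samples are constructed.

```python
import re
from urllib.parse import urlsplit

# Expected pairing, taken from the env block in this thread that a maintainer
# said looked good (assumption; not checked against Twenty's documentation).
EXPECTED_PATHS = {
    "AUTH_MICROSOFT_CALLBACK_URL": "/auth/microsoft/redirect",
    "AUTH_MICROSOFT_APIS_CALLBACK_URL": "/auth/microsoft-apis/get-access-token",
}
REQUIRED = ("AUTH_MICROSOFT_CLIENT_ID", "AUTH_MICROSOFT_CLIENT_SECRET")
# Matches `KEY=value` (.env) and `KEY: "value"` (compose environment map).
LINE_RE = re.compile(r'^\s*-?\s*([A-Z][A-Z0-9_]*)\s*[=:]\s*"?([^"#]*?)"?\s*$')

def parse_env(text):
    env = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            env[m.group(1)] = m.group(2).strip()
    return env

def lint(text):
    """Return a list of (variable, problem) tuples; empty means no finding."""
    env, findings = parse_env(text), []
    if env.get("AUTH_MICROSOFT_ENABLED", "").lower() != "true":
        findings.append(("AUTH_MICROSOFT_ENABLED", "not-true"))
    for key in REQUIRED:
        if not env.get(key):
            findings.append((key, "missing"))
    for key, path in EXPECTED_PATHS.items():
        url = urlsplit(env.get(key, ""))
        got = url.path.rstrip("/")
        if url.scheme != "https" or not url.netloc:
            findings.append((key, "not-absolute-https"))
        elif got != path:
            # The value carries the other variable's path: the two are swapped.
            swapped = got in EXPECTED_PATHS.values()
            findings.append((key, "swapped" if swapped else "unexpected-path"))
    return findings

# Constructed samples (example hosts and credentials, not values from the thread).
SWAPPED_COMPOSE = '''
  AUTH_MICROSOFT_APIS_CALLBACK_URL: "https://crm.example.test/auth/microsoft/redirect"
  AUTH_MICROSOFT_CALLBACK_URL: "https://crm.example.test/auth/microsoft-apis/get-access-token"
  AUTH_MICROSOFT_CLIENT_ID: "constructed-client-id"
  AUTH_MICROSOFT_CLIENT_SECRET: "constructed-secret"
  AUTH_MICROSOFT_ENABLED: "true"
'''
GOOD_DOTENV = SWAPPED_COMPOSE.replace("APIS_CALLBACK", "TMP").replace(
    "MICROSOFT_CALLBACK", "MICROSOFT_APIS_CALLBACK").replace("TMP", "CALLBACK")

if __name__ == "__main__":
    print(lint(SWAPPED_COMPOSE), lint(GOOD_DOTENV))
```

The same redirect URIs also have to be registered on the Entra ID app, which this lint cannot see.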