Enabling OAuth-based User Login Authentication
In addition to configuring the OAuth 2.0 server for user login authentication based on the OAuth 2.0 protocol (see Configuring OAuth Servers for User Login Authentication and Configuring OAuth 2.0 Servers, you need to enable OAuth-based login authentication.
You can enable OAuth-based login authentication only. In this configuration setup, the Web Login page is displayed as below. To log in, click Login with Azure AD. You are redirected to Microsoft login page to start the login process. If login fails, you are redirected to the Web Login page and a failure message is displayed.
Alternatively, you can enable OAuth-based login authentication with local (or RADIUS or LDAP) login authentication. Local authentication uses the Local Users table (see Configuring Management User Accounts) to authenticate the user's login credentials (username and password). This means that the user can choose to log in to the device using any one of these authentication methods. In this configuration setup, the Web Login page is displayed as below:
To log in using OAuth 2.0 authentication, click Login with Azure AD. To log in using local (or RADIUS or LDAP) authentication, enter your username and password, and then click Log In.
For OAuth user login authentication, you also need to enable the OAuth server used for login authentication ('Service Activation' parameter) in the Login OAuth Servers table (see Configuring OAuth Servers for User Login Authentication).
➢ | To enable OAuth-based login authentication: |
1. | Open the Authentication Server page (Setup menu > Administration tab > Web & CLI folder > Authentication Server). |
2. | From the 'Use OAuth for Web Login' drop-down list, select one of the following: |
● | Disable: Disables OAuth-based login authentication |
● | Enable with local login: Enables both OAuth-based login authentication and local login authentication (using the Local Users table) |
● | Enable without local login: Enables OAuth-based login authentication only |
The 'Redirect URI' read-only field displays the URL (i.e., device's IP address, or hostname if configured) that the user is redirected to (e.g., by Azure AD) after it has been successfully authenticated (and is then logged in).
3. | Click Apply. |