
Example on Access Management Configuration

How to configure Frends to use OpenID or AD.

Written by Ossi Galkin
Updated over a year ago

The Frends UI requires users to log in with OpenID Connect (Office 365 or Azure AD) or a local domain user account (on a local installation). It also allows you to restrict access to Views, Processes, or Environments for specific authenticated users or groups.

By default, every authenticated user has access to all functionality except user management. To restrict access to specific Views and actions, define custom rules in the User Management View, which is found under the Administration List View. Only users with the Administrator role can manage user access.

Windows Authentication

IIS Configuration: Windows Authentication enabled and Anonymous Authentication disabled.
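One way to check these two IIS settings from PowerShell, and optionally correct them, is sketched below. This is an added example, not part of the Frends documentation; the site name `FrendsUI` and the `-Fix` switch are assumptions, so substitute the name of the IIS site that hosts your Frends UI.

```powershell
# Added example: audit (and optionally enforce) the IIS authentication state
# described above: Windows Authentication enabled, Anonymous Authentication disabled.
param(
    [string]$SiteName = 'FrendsUI',  # assumption: placeholder IIS site name
    [switch]$Fix                     # hypothetical switch: without it, report only
)

Import-Module WebAdministration

$base = 'system.webServer/security/authentication'

# Desired state taken from the article.
$desired = [ordered]@{
    windowsAuthentication   = $true
    anonymousAuthentication = $false
}

$drift = 0
foreach ($section in $desired.Keys) {
    $filter  = "$base/$section"
    $want    = $desired[$section]
    $current = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
                    -Filter $filter -Name 'enabled').Value

    if ($current -eq $want) {
        Write-Output "OK     $section enabled=$current"
        continue
    }

    Write-Warning "DRIFT  $section enabled=$current (expected $want)"
    if ($Fix) {
        # Written as a <location> entry for the site in applicationHost.config.
        Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $SiteName `
            -Filter $filter -Name 'enabled' -Value $want
        Write-Output "FIXED  $section enabled=$want"
    } else {
        $drift++
    }
}

# A non-zero exit code lets a scheduled check or pipeline flag the drift.
if ($drift -gt 0) { exit 1 }
```

Run it from an elevated PowerShell session on the IIS host. Leaving Anonymous Authentication enabled alongside Windows Authentication is the case worth catching, because requests can then reach the site without a domain identity.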

When Windows Authentication is enabled, users will be logged in using their Windows domain accounts. By default, they will be considered to be in any roles matching the names of the domain groups they are part of in AD. This can be turned off for a user by unchecking the "Inherit roles from Active Directory" option if you wish to manage the role membership in Frends explicitly.

NOTE: You will still have to create and manage the Frends roles separately; they will not be automatically generated, except for the built-in roles: Users, Editor, Administrator, and Viewer.

For example, say you have a Windows domain user, DOM\fooUser, who is part of the domain groups Users, BusinessUsers, and LocXUsers. By default, the user will be in the built-in Users Frends Role and will use the rules for that Role. If you then create a new BusinessUsers Role in Frends, the user will also be part of that Role.

Register Azure AD Application

You can use the following instructions to register a new Azure AD Application. The Application should be a Web Application, and the Sign-On URL should be the link to Frends, for example, https://demo.frendsapp.com.


Please make sure that Implicit Grant - ID Tokens is enabled in the Authentication section.

Configure Frends

For Frends to be able to use the AD Application, the following information is needed from the registered Application.

  • Application ID: e.g. 50549e93-99dd-4690-9948-3c8ec076ddfb

  • Tenant: e.g. companyname.onmicrosoft.com

Navigate to Administration List View -> User Management View -> OpenId Connect Applications View
