Configuring Entra ID for i2 Explore for iBase

To use Entra ID with i2 Explore for iBase, you need to configure Entra ID before starting the deployment process.

Before you begin

Some assumptions are made about your environment when configuring Entra ID for i2 Explore for iBase:

  • There is already a Microsoft Azure Enterprise Application configured for iBase to use Entra ID.

  • iBase Designer can browse and add Entra ID users, using the iBase Security Manager.

Adding a Web Redirect URI to your Entra ID Enterprise Application in Azure

The Liberty application server sends a redirect to the configured Entra ID Application as part of the authentication process.

The redirect URI that it uses must be added to the Entra ID Application's Web Redirect URIs, or the Entra ID Application refuses the authentication attempt.

The format of the Web Redirect URI that needs to be added to your Entra ID Enterprise Application is as follows:

https://<I2ANALYZE_SERVICE_FQDN>:<HOST_PORT_I2ANALYZE_SERVICE>/oidcclient/redirect/oidc-entra

Replace the following placeholders with your own values:

  • <I2ANALYZE_SERVICE_FQDN> with the fully qualified domain name (FQDN) of the server where Explore for iBase is installed.

  • <HOST_PORT_I2ANALYZE_SERVICE> with the port number that Explore for iBase listens on (default is 9443).

For example:

https://i2explore.exampledomain.com:9443/oidcclient/redirect/oidc-entra

Obtaining the Entra Client ID, Tenant ID, and Client Secret

Obtain the following values from the Microsoft Azure Enterprise Application that is configured for iBase to use Entra ID. They are required during the deployment process.

You may need to create a new client secret for the application if you do not already have one.

  • Client ID: This is the Application (client) ID of your Entra ID Enterprise Application.

  • Tenant ID: This is the Directory (tenant) ID of your Entra ID Enterprise Application.

  • Client Secret: This is the client secret for your Entra ID Enterprise Application to use with Explore for iBase.

Configuring i2 Explore for iBase to use Entra ID

Configure using the Administration Console

Set the following properties on the Configuration tab in the i2 Explore Administration Console:

  • The iBase security mode

    • Set to ENTRA_ID

  • Entra client ID

    • This is the Application (client) ID of your Entra ID Enterprise Application

  • Entra tenant ID

    • This is the Directory (tenant) ID of your Entra ID Enterprise Application

  • Entra authority

    • The URL for Entra ID authentication

    • Defaults to https://login.microsoftonline.com/{TENANT_ID}. {TENANT_ID} will be replaced with the Entra tenant ID value

Set the following secret on the Secrets tab of the Administration Console:

  • EntraID Client Secret

    • This is the client secret for your Entra ID Enterprise Application to use with Explore for iBase

Configure using the command line

Set the following properties in the <installation_location>/analyze-deployment-tooling/configs/explore-for-ibase/utils/variables.conf file:

  • IBASE_AUTH_MODE

    • Set to ENTRA_ID

  • ENTRA_CLIENT_ID

    • This is the Application (client) ID of your Entra ID Enterprise Application

  • ENTRA_TENANT_ID

    • This is the Directory (tenant) ID of your Entra ID Enterprise Application

  • ENTRA_AUTHORITY

    • The URL for Entra ID authentication

    • Defaults to https://login.microsoftonline.com/{TENANT_ID}. {TENANT_ID} will be replaced with the ENTRA_TENANT_ID value

Run the following command from the <installation_location>/analyze-deployment-tooling directory to set the Entra ID client secret:

  • setup -p <password> -t setPassword ENTRA_SECRET
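
The following check is an added example, not part of the i2 deployment tooling or the original page: it validates the settings described above before deployment and prints the Web Redirect URI to register in Azure. It assumes variables.conf holds KEY=value or KEY="value" lines; the function names (conf_get, is_guid, redirect_uri, check_entra_conf) are chosen for this example.

```shell
# Added example: pre-deployment check of the Entra ID settings in variables.conf.
# Assumption: the file holds KEY=value or KEY="value" lines, one per line.

# Print the value of KEY ($2) from FILE ($1); last assignment wins, quotes stripped.
conf_get() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Succeed if $1 has GUID form, as Application (client) and Directory (tenant) IDs do.
is_guid() {
  printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Print the Web Redirect URI for FQDN ($1) and port ($2, default 9443).
# Fails if $1 is not a bare dotted host name or $2 is not a valid port.
redirect_uri() {
  port=${2:-9443}
  case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; *.*) ;; *) return 1 ;; esac
  case $port in *[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  printf 'https://%s:%s/oidcclient/redirect/oidc-entra\n' "$1" "$port"
}

# Print one line per problem found in FILE ($1); return non-zero if there are any.
check_entra_conf() {
  file=$1 problems=0
  fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

  [ "$(conf_get "$file" IBASE_AUTH_MODE)" = "ENTRA_ID" ] || fail "IBASE_AUTH_MODE is not ENTRA_ID"
  is_guid "$(conf_get "$file" ENTRA_CLIENT_ID)" || fail "ENTRA_CLIENT_ID is not a GUID"
  is_guid "$(conf_get "$file" ENTRA_TENANT_ID)" || fail "ENTRA_TENANT_ID is not a GUID"

  # An unset ENTRA_AUTHORITY uses the default; a set one must be an https URL.
  authority=$(conf_get "$file" ENTRA_AUTHORITY)
  case $authority in ''|https://?*) ;; *) fail "ENTRA_AUTHORITY is not an https URL" ;; esac

  # The secret is set with 'setup -t setPassword ENTRA_SECRET'; this example
  # assumes a plaintext ENTRA_SECRET line in the file is a mistake.
  grep -Eq '^[[:space:]]*ENTRA_SECRET=' "$file" && fail "ENTRA_SECRET found in plaintext in $file"
  [ "$problems" -eq 0 ]
}

# Usage: sh check.sh <variables.conf> <fqdn> [port]
if [ "$#" -ge 2 ]; then check_entra_conf "$1" && redirect_uri "$2" "${3:-}"; fi
```

The printed URI must match the Web Redirect URI registered on the Enterprise Application exactly, including scheme, port and path.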

When you have configured Entra ID, you can proceed to deploy Explore for iBase with Entra ID. Follow the instructions in Deploying the application.