When the value of the LGNCON install parameter is set to ROPC, the web service authentication happens using the OpenID Connect Resource Owner Password Grant authentication flow. The following section details about the configuration required in EAM to support ROPC.
-
Complete the configuration as described in the Configuring HxGN EAM application with OpenID Connect details of Azure AD.
-
Copy the value of the token_endpoint and set it as the value of the Token End Point field on the SSO Configuration screen in the EAM application. The token_endpoint can be obtained from Metadata URI of Azure AD.
-
Set the value of the Scope field on the SSO Configuration screen of the EAM application to openid profile.
There is a space between openid and profile.
-
Set the value of the Client Password field on the SSO Configuration screen of the EAM application to the client secret generated in the Configuring OpenID Connect confidential client in Azure AD section.
ROPC will only work if MFA is not enabled for the user.