Configure single sign-on for Microsoft Entra (Azure AD)

by time news

This guide provides documentation for the AWS version of Wickr. If you're using the on-premises version of Wickr, see the Enterprise Administration Guide.


AWS Wickr can be configured to use Microsoft Entra (Azure AD) as your identity provider. To do this, complete the following procedures in both Microsoft Entra and the AWS Wickr admin console.

Once SSO is enabled on a network, active users are logged out of Wickr and forced to reauthenticate with the SSO provider.

Complete the following steps to register AWS Wickr as an application in Microsoft Entra.

  1. In the navigation pane, choose Applications, then choose App registrations.

  2. On the App registrations page, choose Register an application, then enter the application name.

  3. Select Accounts in this organizational directory only (Default Directory only – Single tenant).

  4. Under Redirect URI, select Web, then enter the following web address:

    The redirect URI can also be copied from the SSO configuration settings in the AWS Wickr admin console.

  5. Choose Register.

  6. After registration, copy and save the generated Application (client) ID.

  7. Select the Endpoints tab and note the following:

    1. OAuth 2.0 (v2) authorization endpoint. For example:

    2. Edit this value to remove "oauth2/" and "authorize". For example, the corrected URL will look like this:

    3. This edited value is the SSO issuer.

Complete the following steps to set up authentication in Microsoft Entra.

  1. In the navigation pane, choose Authentication.

  2. On the Authentication page, make sure that the Web redirect URI is the same as the one entered previously (in Register AWS Wickr as an application).

  3. Select Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows).

  4. Select Save.

Complete the following steps to set up certificates and secrets in Microsoft Entra.

  1. In the navigation pane, choose Certificates and secrets.

  2. On the Certificates & secrets page, select the Client secrets tab.

  3. On the Client secrets tab, select New client secret.

  4. Enter a description and select an expiration period for the secret.

  5. Choose Add.

  6. After the secret is created, copy the client secret value.

    The client secret value (not the secret ID) will be required for the client application code. You may not be able to view or copy the secret value after leaving this page. If you don’t copy it now, you’ll have to go back to create a new client secret.

Complete the following steps to set up token configuration in Microsoft Entra.

  1. In the navigation pane, choose Token configuration.

  2. On the Token configuration page, choose Add optional claim.

  3. Under Optional claims, select the token type ID.

  4. After selecting ID, under Claim, select email and upn.

  5. Choose Add.

Complete the following steps to configure API permissions in Microsoft Entra.

  1. In the navigation pane, choose API permissions.

  2. On the API permissions page, choose Add a permission.

  3. Select Microsoft Graph, then select Delegated permissions.

  4. Select the checkboxes for email, offline_access, openid, and profile.

  5. Choose Add permissions.

Complete the following steps to expose an API for each of the four scopes in Microsoft Entra.

  1. In the navigation pane, choose Expose an API.

  2. On the Expose an API page, choose Add a scope.

    The Application ID URI should be auto-populated, and the ID following the URI must match the Application (client) ID (created in Register AWS Wickr as an application).

  3. Select Save and continue.

  4. Select Admins and users, then enter offline_access as the scope name.

  5. Under State, select Enabled.

  6. Choose Add scope.

  7. Repeat steps 1 through 6 in this section to add the following scopes: email, openid, and profile.

  8. Under Authorized client applications, choose Add a client application.

  9. Select all four scopes created in the previous step.

  10. Enter or verify the Application (client) ID.

  11. Choose Add application.

Complete the following setup steps in the AWS Wickr console.

  1. Open the AWS Management Console for Wickr.

  2. On the Networks page, choose the Admin link to open the Wickr admin console for that network.

  3. In the navigation pane of the Wickr admin console, choose Network settings, then choose SSO configuration.

  4. Under Network endpoint, make sure that the redirect URI matches the following web address (added in step 4 of Register AWS Wickr as an application):

  5. Under SSO Setup, choose Start.

  6. Enter the following details:

    • SSO issuer: the edited endpoint value that you noted previously.

    • SSO client ID: the Application (client) ID displayed in the Overview pane.

    • Company ID: a unique text value that can include alphanumeric characters and underscores. Users enter this value when signing in on new devices.

    • Client secret: the client secret value from the Certificates & secrets pane.

    • Scopes: the names of the scopes shown under Expose an API. Enter email, profile, offline_access, and openid.

    • Custom username scope: enter upn.

    The other fields are optional.

  7. Choose Test and save.

  8. Select Save.

SSO configuration is complete. To verify it, add a user to the application in Microsoft Entra and sign in as that user with SSO and the company ID.

For more information about inviting and onboarding users, see Create and invite users.

The following are the most common problems you may encounter, with tips for fixing them.

  • SSO connection test fails or is unresponsive:

  • The connection test is successful, but the user is unable to log in:

    • Make sure the user is added to the Wickr application you registered in Microsoft Entra.

    • Make sure the user is using the correct company ID, including the prefix. For example, UE1- DemoNetwork w_Drqtva.

    • The client secret may not be set correctly in your Wickr SSO configuration. Reset it by creating another client secret in Microsoft Entra and entering the new client secret in the Wickr SSO configuration.
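As an added example (not AWS or Microsoft code), the following Python performs offline pre-flight checks on the values this procedure produces: it derives the SSO issuer from the OAuth 2.0 (v2) authorization endpoint the way the registration steps describe, confirms the Scopes field lists all four exposed scopes, and inspects an ID token payload for the email and upn claims that the token configuration step adds. The tenant ID and the token are constructed placeholders.

```python
# Added example (not AWS or Microsoft code): offline pre-flight checks for the
# values this procedure produces. The tenant ID and the token are constructed.
import base64
import json
from urllib.parse import urlparse

# Scopes the Wickr "Scopes" field must list (the four exposed under Expose an API).
REQUIRED_SCOPES = {"email", "profile", "offline_access", "openid"}
# Optional ID-token claims added under Token configuration; upn is the custom username scope.
REQUIRED_CLAIMS = {"email", "upn"}


def issuer_from_authorization_endpoint(endpoint: str) -> str:
    """Derive the SSO issuer from the OAuth 2.0 (v2) authorization endpoint by
    removing the 'oauth2/' path segment and the trailing 'authorize'."""
    parts = urlparse(endpoint)
    segments = [s for s in parts.path.split("/") if s]
    if not segments or segments[-1] != "authorize" or "oauth2" not in segments:
        raise ValueError(f"not an OAuth 2.0 authorization endpoint: {endpoint}")
    kept = [s for s in segments[:-1] if s != "oauth2"]
    return f"{parts.scheme}://{parts.netloc}/" + "/".join(kept)


def missing_scopes(configured: str) -> set:
    """Required scopes absent from a comma- or space-separated Scopes value."""
    return REQUIRED_SCOPES - set(configured.replace(",", " ").split())


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_demo_id_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped token; demo input only, never a real token."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.signature-placeholder"


def id_token_problems(id_token: str, issuer: str) -> list:
    """Report what would stop Wickr from mapping the signed-in user: an issuer
    that differs from the configured SSO issuer, or a missing email/upn claim.
    Only the payload is inspected; verify the signature before trusting claims."""
    payload_b64 = id_token.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(payload_b64 + "=" * (-len(payload_b64) % 4)))
    problems = []
    if payload.get("iss") != issuer:
        problems.append(f"issuer mismatch: {payload.get('iss')!r} != {issuer!r}")
    problems += [f"missing claim: {c}" for c in sorted(REQUIRED_CLAIMS - set(payload))]
    return problems
```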
