All versions of this manual
X
Welcome to Linkurious administration manual v4.2.5. Use the menu to access other documentations.
  1. Introduction
  2. FAQ
  3. Getting started
    1. Version support policy
    2. Release notes
    3. Client requirements
    4. Graph DB Feature Map
  4. Deploying on premise
    1. Technical requirements
    2. Downloading
    3. Installing
    4. Starting Linkurious
    5. Stopping Linkurious
    6. Cluster mode
  5. Configuring
  6. Troubleshooting
    1. Checking Linkurious status
    2. Reading the logs
    3. Getting support
    4. Managing licenses
    5. Vulnerabilities
  7. Importing graph data
    1. Neo4j
    2. Memgraph
    3. Amazon Neptune
    4. Cosmos DB
    5. Spanner Graph
    6. Updating your graph data
  8. Updating Linkurious
    1. Checking for updates
    2. Backing up your data
    3. Update procedure
  9. Configuring data-sources
    1. Neo4j
    2. Amazon Neptune
    3. Memgraph
    4. Google Spanner
    5. Cosmos DB
    6. Alternative IDs
    7. Merging data-sources
    8. Advanced settings
  10. Resource management
    1. Managing spaces
    2. Managing tags
  11. Search index
    1. Search Option Comparison
    2. Neo4j Search
    3. Elasticsearch
    4. Neptune Search
    5. Google Spanner Search
    6. Azure Search
    7. Incremental Indexing
    8. Numerical/Date search
  12. User-data store
    1. Migrating to an external database
    2. Backing-up your store
  13. Web server
  14. Authentication
    1. Getting started
    2. LDAP / Active Directory
    3. SSO with Azure
    4. SSO with Google
    5. SSO with OpenID Connect
    6. SSO with SAML2 / ADFS
    7. Configuration
  15. Access control
    1. Managing users
    2. Managing groups
    3. Standard access-rights
    4. Property-key access-rights
  16. Guest mode
    1. Guest mode
  17. Data Schema
    1. Property types
    2. Hiding data
    3. Strict mode
  18. Alerts
    1. Configuration
  19. Entity resolution
    1. Requirements
    2. Installing
    3. Configuring
    4. Accessing Entity Resolution
    5. Managing mappings
    6. Running Entity Resolution
    7. Viewing Results and explanations
    8. Node Grouping and Collapsing
    9. Managing the license
    10. Troubleshooting tips
  20. Email Notifications
    1. Configuration
  21. Visualizations appearance
    1. Default styles
    2. Default captions
    3. Default properties order
    4. Geographic tiles
  22. Audit trail
    1. Log format
  23. Webhooks
  24. Observability
  25. Plugins
  26. Deep link
 

Authentication: SSO with Azure

Linkurious Enterprise supports SSO authentication via Microsoft Entra ID (formerly known as "Azure Active Directory" or "Azure AD").

Configuration

To set up Linkurious Enterprise authentication with Microsoft Entra ID, follow these steps:

  1. On the Azure Portal, in the "Microsoft Entra ID" section, under Add > App Registration, create a new App called Linkurious
  2. Assign the Directory.Read.All access right to the new app (notice: an Azure admin's approval is needed)
  3. From the Azure Portal, find the following parameters:
    • authorizationURL, e.g. https://login.microsoftonline.com/60d78xxx-xxxx-xxxx-xxxx-xxxxxx9ca39b/oauth2/v2.0/authorize
    • tokenURL, e.g. https://login.microsoftonline.com/60d78xxx-xxxx-xxxx-xxxx-xxxxxx9ca39b/oauth2/v2.0/token
    • clientID, e.g. 91d426e2-xxx-xxxx-xxxx-989f89b6b2a2
    • clientSecret, e.g. gt7BHSnoIffbxxxxxxxxxxxxxxxxxxtyAG5xDotC8I=
  4. Add or edit the existing oauth2 section inside the access section in linkurious/data/config/production.json

Example access.oauth2 configuration with Microsoft Azure Active Directory:

"access": {
  // [...]
  "oauth2": {
    "enabled": true,
    "provider": "azure",
    "authorizationURL": "https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/v2.0/authorize",
    "tokenURL": "https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/v2.0/token",
    "clientID": "XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXXX",
    "clientSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
  }
}

Note: Starting from version 4.2.1, Linkurious Enterprise automatically updates the OAuth2 token and authorization URLs to use the v2.0 endpoints:

  • https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/token
  • https://login.microsoftonline.com/TENANT_ID/oauth2/v2.0/authorize

If your configuration uses the previous URLs (/oauth2/token or /oauth2/authorize), they will be automatically updated at launch.

OAuth2 redirect URL

The OAuth2 redirect URL of Linkurious Enterprise is the following: http(s)://HOST:PORT/api/auth/sso/return.

When setting the redirect URL, you need to choose a platform inside the application in Azure Active Directory. The right platform to choose is Web (and not Single Page application).