Built In User Accounts
Built In User Accounts are user accounts that are created and managed directly within Novunex.
Multifactor Authentification
Multifactor Authentification (MFA)- Increases the security of Novunex accounts by requiring a second verification method in addition to the password when logging in.
For more information on MFA, click here.
Azure AD User Accounts
Azure Active Directory (Azure AD) is Microsoft’s enterprise cloud-based identity and access management service. It allows you to securely authenticate and authorize users across internal and external applications, including the Novunex platform.
Authority (Tenant Authorization Endpoint)
Example:
https://login.microsoftonline.com/{Directory-ID}
Directory-ID(Tenant ID) — This is the unique identifier of your Azure AD tenant (organization). It specifies the directory your application should authenticate against.
Why it matters:
The Authority URL defines the endpoint your application will use to request authentication tokens. It ensures your app is communicating with the correct Azure tenant.
How to locate it:
- Sign in to the Azure Portal.
- Go to Azure Active Directory > Overview.
- Look for Tenant ID — this is your
Directory-ID.
Client ID (Application Identifier)
Client-ID— A globally unique identifier assigned to your Azure AD application registration.
Why it matters:
This ID is required during the OAuth authentication flow to identify the specific application requesting access. Without it, Azure cannot determine which app is initiating the connection.
How to locate it:
- In the Azure Portal, navigate to Azure Active Directory > App registrations.
- Select your registered application.
- The Application (client) ID field displays the required
Client-ID.
Azure User Claim (User Identifier Claim)
Example:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Claim— Defines which attribute from the user’s Azure AD profile will be used as the unique identifier during authentication.
Why it matters:
The claim is used to identify the authenticated user in your application. For example, using the name claim maps the Azure username to the identity used within Novunex.
Default option:
name— User’s full display name
Client Secret (Application Secret Key)
Secret— A confidential string that acts like a password for your application when requesting tokens from Azure AD.
Why it matters:
The client secret is a critical security credential used in the authentication flow. It proves the identity of your app and must be kept strictly confidential.
How to generate and retrieve it:
- Go to Azure Active Directory > App registrations.
- Select your application, then click Certificates & secrets.
- Under Client secrets, click “New client secret”.
- Add a description and choose an expiration period, then click Add.
- Important: Immediately copy the Value field. It will be shown only once and cannot be retrieved again later.
Recommendation: Store the secret securely (e.g., in Azure Key Vault or a secure password manager).
Token Endpoint (OAuth 2.0 Token URL)
Example:
https://login.microsoftonline.com/{Directory-ID}/oauth2/v2.0/token
Token Endpoint— The endpoint where your application sends authentication requests to receive access tokens from Azure AD.
Why it matters:
This is a required URL in the OAuth 2.0 flow. It allows your app to exchange credentials (Client ID and Secret) for an access token, which is then used to authenticate API calls.
How to configure it:
- Replace
{Directory-ID}in the URL with your actual Tenant ID. - This endpoint format is standardized by Microsoft and can be confirmed in the Azure documentation or directly within your app registration setup.
Note:
Make sure the scope and grant type in your token request align with the permissions configured for your Azure AD app.
Creating an Azure AD App Registration
This guide outlines the steps required to register an application in Azure Active Directory (Azure AD) to enable authentication and API integration with the Novunex Platform using OpenID Connect (OIDC).
Step 1: Register a New Application
-
Sign in to the Azure Portal.
-
Navigate to Azure Active Directory > App registrations.
-
Click “New registration”.
-
Fill in the required fields:
- Name: Choose a name that clearly identifies the application, e.g.,
Novunex OIDC Integration. - Supported account types:
- Select Accounts in this organizational directory only (Single tenant) unless a multi-tenant setup is explicitly required.
- Redirect URI (optional at this step):
-
Choose Web and enter the following URI:
https://<oauth-host>.novunex.app/signin-oidc-<novunex-account-guid>Replace
<oauth-host>and<novunex-account-guid>with values provided by Novunex support.
-
- Name: Choose a name that clearly identifies the application, e.g.,
-
Click Register to create the app.
Step 2: Configure Redirect URIs
- In the newly registered app, navigate to Authentication.
- Under Redirect URIs, ensure the following URI is listed:
https://<oauth-host>.novunex.app/signin-oidc-<novunex-account-guid>
. In the Implicit grant and hybrid flows section:
- Enable ID tokens (used for implicit and hybrid flows).
- Enable Access tokens if your application requires API access beyond authentication (optional based on use case).
- Click Save.
Step 3: Assign API Permissions
- Go to API permissions > Add a permission.
- Select Microsoft Graph > Delegated permissions.
- Add the following minimum required permission:
User.Read(used for basic user profile access)
- If your application needs to interact with Azure AD groups (e.g., to manage access or provisioning), add:
Group.ReadWrite.All(or other necessary permissions depending on your use case)
-
Click Add permissions.
-
Under Grant admin consent for [Your Tenant], click Grant admin consent to apply the permissions tenant-wide.
Note: Admin consent is required for tenant-wide use of delegated permissions like
User.Read.
Step 4: Generate a Client Secret
- Go to Certificates & secrets.
- Under Client secrets, click “New client secret”.
- Add a description (e.g.,
Novunex Integration Secret) and choose an appropriate expiration period. - Click Add.
- Copy the generated value immediately — it is only visible once and will be used as your client secret.
Additional Notes
- The redirect URI must exactly match what is configured in Azure AD; otherwise, login will fail.
- Always store your client secret securely (e.g., in Azure Key Vault).
- If you are unsure about the OAuth server URL or account GUID, contact Novunex support for assistance.