How to set up MFA in Odoo with MS365 integration

  • Post
    Weekend Wiki
    General Manager
    To set up Multi-Factor Authentication (MFA) for Odoo with Azure integration for Microsoft 365 users, follow these steps. This setup will allow Odoo to authenticate users via Azure Active Directory (AAD) and enforce MFA policies configured in Azure.


    1. Prerequisites

    1. Azure Active Directory Premium P1 or P2 License: Ensure you have the appropriate Azure AD subscription to configure conditional access and MFA policies.
    2. Odoo Enterprise Edition: Required for OAuth2 integration with Azure AD (via the Odoo Single Sign-On feature).
    3. Admin Access to both Azure Portal and Odoo.

    2. Register Odoo as an App in Azure

    1. Log in to the Azure Portal.
    2. Navigate to Azure Active Directory > App registrations.
    3. Click New registration:
      • Name: Enter a name for your app, e.g., “Odoo Integration”.
      • Supported account types: Choose “Accounts in this organizational directory only” for internal users.
      • Redirect URI: Select “Web” and enter your Odoo instance URL with the /auth_oauth/signin endpoint, e.g.:
        https://your-odoo-instance.com/auth_oauth/signin
        
    4. Click Register.

    3. Configure the App in Azure

    1. In the newly registered app, go to Authentication:
      • Add your Odoo instance URL as a redirect URI (if not already added).
      • Enable Access tokens and ID tokens under “Implicit grant and hybrid flows.”
      • Click Save.
    2. Go to Certificates & Secrets:
      • Create a New client secret.
      • Note down the secret value (it will be used in Odoo).
    3. Go to API Permissions:
      • Add the following Microsoft Graph permissions:
        • Delegated permissions:
          • openid
          • profile
          • email
      • Grant admin consent for the permissions.

    4. Set Up MFA in Azure AD

    1. Go to Azure Active Directory > Security > Conditional Access.
    2. Create a New policy:
      • Name: e.g., “Enforce MFA for Odoo”.
      • Assignments:
        • Users and groups: Select the group of users who will access Odoo.
        • Cloud apps or actions: Select your registered Odoo app.
      • Access controls: Under “Grant”, select “Require multi-factor authentication”.
    3. Enable the policy and click Save.

    5. Configure Odoo for Azure Integration

    1. In Odoo, go to Settings > General Settings.
    2. Under the OAuth Authentication section:
      • Enable Microsoft as a provider.
      • Enter the following details from Azure:
        • Client ID: From the Azure app registration.
        • Client Secret: The client secret you created in Azure.
        • Endpoint URLs:
          • Authorization URL: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
          • Token URL: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
          • Replace {tenant-id} with your Azure AD tenant ID.
    3. Save the configuration.

    6. Test the Integration

    1. Log out of Odoo and attempt to log in with the Microsoft sign-in option.
    2. You will be redirected to the Microsoft login page. Enter your credentials.
    3. If MFA is enabled for the account, Azure will prompt for the second authentication factor (e.g., SMS, Microsoft Authenticator, or hardware key).

    7. Enforce MFA for All Odoo Users

    To ensure all Odoo users authenticate via Azure and MFA:

    • Disable local login methods for users.
    • Ensure all users are part of the Azure AD directory.

    This setup ensures secure access to Odoo with MFA policies enforced via Azure AD for Microsoft 365 users. Let me know if you need detailed help with any step!

    For consulting email us at [email protected]
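
A check for steps 6 and 7 above, added here as an example and not part of the original post: it audits sign-in records for the Odoo app and lists users whose sign-in was not covered by the MFA policy (user outside the assigned group, policy left in report-only mode, or policy never evaluated). It assumes the records were exported from the Azure AD sign-in logs as JSON using the Microsoft Graph signIn field names; the app ID, users and results are constructed placeholders.

```python
# Constructed sample records using Microsoft Graph signIn field names;
# the app IDs, users and results below are placeholders, not real data.
ODOO_APP_ID = "00000000-0000-0000-0000-000000000001"  # placeholder client ID
OTHER_APP_ID = "00000000-0000-0000-0000-000000000099"  # placeholder, unrelated app
POLICY_NAME = "Enforce MFA for Odoo"  # policy name used in step 4


def _signin(user, app_id, policies):
    return {"userPrincipalName": user, "appId": app_id,
            "appliedConditionalAccessPolicies": policies}


def _policy(result, controls):
    return {"displayName": POLICY_NAME, "result": result,
            "enforcedGrantControls": controls}


SAMPLE = [
    _signin("alice@example.com", ODOO_APP_ID, [_policy("success", ["Mfa"])]),
    # bob is not in the group the policy is assigned to
    _signin("bob@example.com", ODOO_APP_ID, [_policy("notApplied", [])]),
    # policy left in report-only mode: evaluated but not enforced
    _signin("carol@example.com", ODOO_APP_ID, [_policy("reportOnlySuccess", ["Mfa"])]),
    _signin("dave@example.com", ODOO_APP_ID, []),
    _signin("erin@example.com", OTHER_APP_ID, []),  # different app, ignored
]


def audit_signins(records, app_id, policy_name):
    """Return (user, reason) for each sign-in to app_id the MFA policy did not enforce."""
    findings = []
    for rec in records:
        if rec.get("appId") != app_id:
            continue
        policy = next((p for p in rec.get("appliedConditionalAccessPolicies") or []
                       if p.get("displayName") == policy_name), None)
        if policy is None:
            reason = "policy not evaluated"
        elif policy.get("result") != "success":
            reason = "policy result: " + str(policy.get("result"))
        elif "Mfa" not in (policy.get("enforcedGrantControls") or []):
            reason = "no MFA grant control enforced"
        else:
            continue  # policy succeeded and required MFA
        findings.append((rec.get("userPrincipalName"), reason))
    return findings


if __name__ == "__main__":
    for user, reason in audit_signins(SAMPLE, ODOO_APP_ID, POLICY_NAME):
        print(f"{user}: {reason}")
```

An empty result over a representative window of sign-ins is the evidence that every Odoo login went through the MFA policy.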
