FlexiSpooler Server HTTP authentication configuration (Azure AD)

The following guides provide step-by-step instructions on how to configure and enable HTTP authentication on FlexiSpooler. At this moment, only Azure Active Directory authentication is supported.

In order to enable Azure Active Directory HTTP authentication, follow the next steps.

Add FlexiSpooler Client application into AD
1. Login to your company Azure account
2. Select your Active Directory
  1. Open Application Tab and click Add
  2. Choose Add an application my organization is developing
  3. Fill in Name: for example Konica Minolta FlexiSpooler Client
  4. Choose Type: NATIVE CLIENT APPLICATION
  5. Set REDIRECT URI: https://login.live.com/oauth20_desktop.srf
  6. Save
Add FlexiSpooler Non-Spooling Server application into AD
1. Login to your company Azure account
2. Select your Active Directory
  1. Open Application Tab and click Add
  2. Choose Add an application my organization is developing
  3. Fill in Name: for example Konica Minolta FlexiSpooler Non-Spooling Server
  4. Choose Type: WEB APPLICATION AND/OR WEB API
  5. Set APP ID URI, which identifies the application, for example: https://ysoftcorporation.onmicrosoft.com/flexispoolerserver
  6. Set SIGN-ON URL to the same value as APP ID URI
  7. Save
Set permission for Konica Minolta FlexiSpooler Client to access Konica Minolta FlexiSpooler Non-Spooling Server
1. Select Konica Minolta FlexiSpooler Client application registration in company's Active Directory
2. Open Configure tab
3. Find section permission to other applications and click Add application
  1. Set SHOW to All Apps and Apply filter
  2. Click '+' next to Konica Minolta FlexiSpooler Non-Spooling Server and Save
  3. In the section permission to other application set Delegated Permission to Access Konica Minolta FlexiSpooler Non-Spooling Server
4. Click SAVE
Find configuration for FlexiSpooler Non-Spooling Server
1. Select YSoft FlexiSpooler Client application registration in company's Active Directory
2. Open Configure tab
3. Find and store somewhere (for example notepad):
  1. CLIENT ID
  2. REDIRECT URI
4. Go back and s elect Konica Minolta FlexiSpooler Non-Spooling Server application registration in company's Active Directory
5. Open Configure tab
6. Find and store:
  1. APP ID URI
7. Go to Applications tab of company's Active Directory
  1. At the bottom, click on button VIEW ENDPOINTS
  2. Find and store OAuth 2.0 Token Endpoint
8. Store Active Directory's Tenant > company's instance of AD; for example, if AD is named MOJ Concept, AD Tenant is mojconcept.onmicrosoft.com
Create and save configuration
1. You should have stored 5 required configuration values
  1. CLIENT ID
  2. REDIRECT URI
  3. APP ID URI
  4. OAuth 2.0 Token Endpoint
  5. AD Tenant
2. You can now create configuration values for spooler.config, stored in FlexiSpooler Non-Spooling Server
  
  "azureNativeClientRedirectUri": "https://login.live.com/oauth20_desktop.srf",
  
  "azureNativeClientId": "de711fde-11aa-4910-9f15-d5e853129efc",
  
  "azureApplicationIdUri": "https://mojconcept.onmicrosoft.com/flexispoolerserver",
  
  "azureActiveDirectoryAuthorizationEndpoint": "https://login.microsoftonline.com/2573df81-c00d-4172-8ce7-9deb6e7252b9/oauth2/token",
  
  "azureActiveDirectoryTenant": "mojconcept.onmicrosoft.com",
  
  "httpAuthenticationMethod": "azureActiveDirectory"
3. And append spooler.config, so the final config looks like:
  
  {
  
  "jobStorePath": "JobStore",
  
  "isServer": "true",
  
  "azureNativeClientRedirectUri": "https://login.live.com/oauth20_desktop.srf",
  
  "azureNativeClientId": "de711fde-11aa-4910-9f15-d5e853129efc",
  
  "azureApplicationIdUri": "https://mojconcept.onmicrosoft.com/flexispoolerserver",
  
  "azureActiveDirectoryAuthorizationEndpoint": "https://login.microsoftonline.com/2573df81-c00d-4172-8ce7-9deb6e7252b9/oauth2/token",
  
  "azureActiveDirectoryTenant": "mojconcept.onmicrosoft.com",
  
  "httpAuthenticationMethod": "azureActiveDirectory"
  
  }