How Do I Change the Authentication Credentials for the AgilePoint NX Portal in the Server Configuration Files?

To change the credentials for your authentication provider for AgilePoint NX Portal, do the procedure in this topic.

Good to Know

  • You may need to complete this procedure in these conditions:
    • Your credentials expire with your authentication provider.
    • You change the primary authentication provider for AgilePoint NX Portal — for example, if you change from Salesforce authentication to SharePoint authentication.

How to Start

  1. In a text editor, open the file (NX Portal installation folder) C:\Program Files\AgilePoint\AgilePointWebApplication\AgilePointPortal\web.config.

Procedure

  1. In the file web.config, in the <appSettings> node, add or change the keys that are necessary for your authentication provider.

    Refer to the sections in this topic for the configuration information for each authentication provider.

  2. If you want to add or change the authentication providers that you use for the Portal, change the value of the ActiveAuthProviders key as necessary.
    Field NameDefinition

    ActiveAuthProviders

    Function:
    Specifies your authentication provider for AgilePoint NX Portal.
    Accepted Values:
    One or more authentication provider name, separated by semicolons (;)
    • ActiveDirectory - Specifies Active Directory authentication where the Active Directory runs in an on-premises environment.
    • HostedActiveDirectory - Specifies Active Directory authentication where the Active Directory runs in a hosted (private cloud) environment.
    • GooglePlus - Specifies Google Workspace authentication.
    • Salesforce - Specifies Salesforce authentication.
    • WAAD - Specifies authentication with Microsoft Azure Active Directory, Microsoft 365, or SharePoint for Microsoft 365.
    • ADFS - Specifies ADFS authentication.
    • ACS - Specifies Amazon Cognito authentication.
    • Okta - Specifies Okta authentication.
    • IdentityServer - Specifies IdentityServers authentication.
    • SiteMinder - Specifies SiteMinder authentication.
    • PingFederate - Specifies PingFederate authentication.
    • AgilePointID - Specifies AgilePoint NX authentication.

      AgilePoint ID is not supported in AgilePoint NX OnPremises.

    Default Value:

    <add key="ActiveAuthProviders" value="ActiveDirectory" />

    Example:
    An appSettings key in the following format:

    <add key="ActiveAuthProviders" value="AgilePointID;WAAD; ActiveDirectory;Salesforce; GooglePlus;ADFS;Okta;OIDC; SiteMinder;ACS" />

  3. Save the file.
  4. Restart the Windows service for the AgilePoint Server instance.

Microsoft Azure Active Directory / Microsoft 365 / SharePoint for Microsoft 365

These settings specify the credentials for Microsoft Azure Active Directory, Microsoft 365 or SharePoint for Microsoft 365.

Fields

Field NameDefinition

ClientID

Function:
Specifies the Microsoft application ID of the app you created or added in Microsoft Azure Active Directory.
Accepted Values:
An appSettings key in the following format:

<add key="ida:ClientID" value="[application ID from Microsoft Azure Active Directory]" />

Default Value:

<add key="ida:ClientID" value="" />

Example:
An appSettings key in the following format:

<add key="ida:ClientID" value="3f6v1555-6r9f-4124-995s-g61901550hk6" />

Password

Function:
Specifies your client secret ID of the app you added in Microsoft Azure Active Directory.
Accepted Values:
An appSettings key in the following format:

<add key="ida:Password" value="[client secret ID from Microsoft Azure Active Directory]" />

Default Value:

<add key="ida:Password" value="" />

Example:
An appSettings key in the following format:

<add key="ida:Password" value="DGR39B8NL29beem2itbxmJ5wDTVFRugHwektpoPChc0=" />

WCFAppID

Function:
Specifies the Microsoft Graph API URL for your language. The default value for this field is the value for the Microsoft Graph API in U.S. English. If you use a different language, see the Documentation from Microsoft to get the URL for your language..
Accepted Values:
An appSettings key in the following format:

<add key="ida:WCFAppID" value="[application ID URI from Microsoft Azure Active Directory]" />

Default Value:

<add key="ida:WCFAppID" value="" />

Example:
An appSettings key in the following format:

<add key="ida:WCFAppID" value="https://ap172.onmicrosoft.com/638tu092-e03c-41d0-s73h-38j0l79f7777" />

Salesforce

These settings specify the credentials for Salesforce.

Fields

Field NameDefinition

ClientID

Function:
Specifies the Consumer Key of the app you created or added in Salesforce.
Accepted Values:
An appSettings key in the following format:

<add key="sf:ClientID" value="[consumer key from Salesforce]" />

Default Value:

<add key="sf:ClientID" value="" />

Example:
An appSettings key in the following format:

<add key="sf:ClientID" value="3MV09szVs2RX" />

Password

Function:
Specifies the Consumer Secret of the app you created or added in Salesforce.
Accepted Values:
An appSettings key in the following format:

<add key="sf:Password" value="[key]" />

Default Value:

<add key="sf:Password" value="" />

Example:
An appSettings key in the following format:

<add key="sf:Password value="DGR39B8NL29beem2itbxmJ5wDTVFRugHwektpoPChc0=" />

Google Workspace

These settings specify the credentials for Google Workspace.

Fields

Field NameDefinition

ClientID

Function:
Specifies the client ID of the app you created or added in Google Workspace.
Accepted Values:
An appSettings key in the following format:

<add key="gp:ClientID" value="[client ID from Google]" />

Default Value:

<add key="gp:ClientID" value="" />

Example:
An appSettings key in the following format:

<add key="gp:ClientID" value="239330962649-smsrifcnpo33oglki4h757toav9tter8.apps.googleusercontent.com" />

ClientSecret

Function:
Specifies the Client Secret of the app you created or added in Google Workspace.
Accepted Values:
An appSettings key in the following format:

<add key="gp:ClientSecret" value="[client secret from Google]" />

Default Value:

<add key="gp:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="gp:ClientSecret" value="Ow2c4D9I5K-9_rv_iF4Di2Po" />

ADFS

These settings specify the credentials for ADFS.

Fields

Field NameDefinition

PortalClientId

Function:
Specifies the client ID of the portal you created or added in ADFS.
Accepted Values:
An appSettings key in the following format:

<add key="adfs:PortalClientId" value="[ClientID of your portal from ADFS]" />

Default Value:

<add key="adfs:PortalClientId" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:PortalClientId" value="573BBC65-F28C-4AA4-94ED-D4294D395C78" />

PortalResourceUri

Function:
Specifies the relying party trust URI for NX Portal in ADFS.
Accepted Values:
An appSettings key in the following format:

<add key="adfs:PortalResourceUri" value="[URI of the relying party trust identifier for your Portal]" />

Default Value:

<add key="adfs:PortalResourceUri" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:PortalResourceUri" value="https://mydomain.com/adfs/services/trust" />

Authority

Function:
Specifies the ADFS server URL.
Accepted Values:
An appSettings key in the following format:

<add key="adfs:Authority" value="[ADFS server URL]" />

Default Value:

<add key="adfs:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:Authority" value="https://adfs.mydomain.com" />

ServerClientId

Function:
Specifies the client ID of the server you created or added in ADFS.
Accepted Values:
An appSettings key in the following format:

<add key="adfs:Authority" value="[ClientID of your server from ADFS]" />

Default Value:

<add key="adfs:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:Authority" value="96E14D9B-6FCF-4BCD-9E0A-B30623AE1939" />

ServerResourceUri

Function:
Specifies the relying party trust URI for your server in ADFS.
Accepted Values:
An appSettings key in the following format:

<add key="adfs:ServerResourceUri" value="[The URI of the relying party trust identifier for your server]" />

Default Value:

<add key="adfs:ServerResourceUri" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:ServerResourceUri" value="96E14D9B-6FCF-4BCD-9E0A-B30623AE1939" />

Amazon Cognito

These settings specify the credentials for Amazon Cognito.

Prerequisites

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you created or added in Amazon Cognito.
Accepted Values:
An appSettings key in the following format:

<add key="acs:ClientId" value="[client ID from Amazon Cognito]" />

Default Value:

<add key="acs:ClientId" value="" />

Example:
An appSettings key in the following format:

<add key="acs:ClientId" value="2tmqdmcst123uchcfijtf4tgmd" />

Client Secret

Function:
Specifies the Client Secret of the app you created or added in Amazon Cognito.
Accepted Values:
An appSettings key in the following format:

<add key="acs:ClientSecret" value="[client secret from Amazon Cognito]" />

Default Value:

<add key="acs:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="acs:ClientSecret" value="8gkhk3v56oe6gq6irk7u1bghdjnc1ic8646skqb6kuu1ddk1r0r" />

Redirect URI

Function:
Specifies the URI of the page where the user is directed after your app is authorized in Amazon Cognito.
Accepted Values:
An appSettings key in the following format:

<add key="acs:RedirectURI" value="[AgilePoint Redirect URL]/signin-acs" />

Default Value:

<add key="acs:RedirectURI" value="" />

Example:
An appSettings key in the following format:

<add key="acs:RedirectURI" value="mysite.com/signin-acs" />

Authority

Function:
Specifies the Amazon Cognito server URL.
Accepted Values:
An appSettings key in the following format:

<add key="acs:Authority" value="[Amazon Cognito server URL]" />

Default Value:

<add key="acs:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="acs:Authority" value="https://cognito-idp.us-east-2.amazonaws.com/us-east-2_fALHTiv0x" />

Enable Auto Register User (Optional)

Function:
Specifies whether to enable or disable the auto register user in Amazon Cognito.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Function:
Specifies the information to the Amazon Cognito server for the authorization flow. The authorization flow includes the parameters that are returned from the Amazon Cognito endpoint.

For more information contact AgilePoint Professional Services.

Response Mode (Optional)

Function:
Specifies an optional OAuth authorization request parameter that informs the Amazon Cognito server to be used for returning authorization response parameters from the Amazon Cognito endpoint.

For more information contact AgilePoint Professional Services.

Scope (Optional)

Function:
Specifies to limit the access rights to an access token on the Amazon Cognito server.

For more information contact AgilePoint Professional Services.

Okta

These settings specify the credentials for Okta.

Prerequisites

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you created or added in Okta.
Accepted Values:
An appSettings key in the following format:

<add key="okta:OAuthClientId" value="[client ID from Okta]" />

Default Value:

<add key="okta:OAuthClientId" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OAuthClientId" value="0oabj6o2hQi5D6kk4282" />

Client Secret

Function:
Specifies the Client Secret of the app you created or added in Okta.
Accepted Values:
An appSettings key in the following format:

<add key="okta:OauthClientSecret" value="[client secret from Okta]" />

Default Value:

<add key="okta:OauthClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OauthClientSecret" value="1G56R2u8YxGvxkRUUUBg5tZDMxnidzIGvpz_xD53" />

Authority

Function:
Specifies the Okta server URL.
Accepted Values:
An appSettings key in the following format:

<add key="okta:OAuthAuthority" value="[Okta server URL]" />

Default Value:

<add key="okta:OAuthAuthority" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OAuthAuthority" value="https://dev-1111.oktapreview.com/oauth2/ausftgs9ksiLQkXk70h1" />

Redirect URI

Function:
Specifies the URI of the page where the user is directed after your app is authorized in Okta.
Accepted Values:
An appSettings key in the following format:

<add key="okta:OAuthRedirectUri" value="[AgilePoint Redirect URL]/signin/oktacallback" />

Default Value:

<add key="okta:OAuthRedirectUri" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OAuthRedirectUri" value="mysite.com/signin/oktacallback" />

Scope (Optional)

Function:
Specifies to limit the access rights to an access token on the Okta server.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Function:
Specifies the information to the Okta server for the authorization flow. The authorization flow includes the parameters that are returned from the Okta endpoint.

For more information contact AgilePoint Professional Services.

SiteMinder

These settings specify the credentials for CA SiteMinder.

Prerequisites

Fields

Field NameDefinition

Connection

Function:
Specifies the path for the LDAP filter connection.
Accepted Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Connection" value="[LDAP server connection string]" />

Default Value:

<add key="siteminder.LDAPFilter:Connection" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Connection" value="LDAP://190.168.1.142/DC=mydomain,DC=com" />

Username

Function:
Specifies the user name for the LDAP sever authentication account.
Accepted Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Username" value="[LDAP server authentication user name]" />

Default Value:

<add key="siteminder.LDAPFilter:Username" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Username" value="LdapAdministrator" />

Password

Function:
Specifies the password for the LDAP sever authentication account.
Accepted Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Password" value="[LDAP server authentication account password]" />

Default Value:

<add key="siteminder.LDAPFilter:Password" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Password" value="xxxxxxxxxxxxx" />

Mapping File Path

Function:
Specifies the file path for LDAP user synchronization.
Accepted Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:MappingFilePath" value="[user mapping file path]" />

Default Value:

<add key="siteminder.LDAPFilter:MappingFilePath" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:MappingFilePath" value="D:\LDAP\LDAPUserSyncTool\ADUserSync\LDAP\Mapping.json" />

Filter Template

Function:
Specifies the user filter condition on the LDAP server.
Accepted Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:FilterTemplate" value="(sAMAccountName=[user name])" />

Default Value:

<add key="siteminder.LDAPFilter:FilterTemplate" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:FilterTemplate" value="(sAMAccountName=JohnSmith)" />

Enable Auto Register User (Optional)

Function:
Specifies whether to enable or disable the auto register user in CA SiteMinder.

For more information contact AgilePoint Professional Services.

Username Header (Optional)

Function:
Specifies whether to check if the selected LDAP user contains a specific header.

For more information contact AgilePoint Professional Services.

IdentityServer

These settings specify the credentials for IdentityServer.

Prerequisites

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you created or added in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:ClientId" value="[client ID from IdentityServer]" />

Default Value:

<add key="oidc:ClientId" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:ClientId" value="0oabj6o2hQi5D6kk4282" />

Client Secret

Function:
Specifies the Client Secret of the app you created or added in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:ClientSecret" value="[client secret from IdentityServer]" />

Default Value:

<add key="oidc:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:ClientSecret" value="1G56R2u8YxGvxkRUUUBg5tZDMxnidzIGvpz_xD53" />

Redirect URI

Function:
Specifies the URI of the page where the user is directed after your app is authorized in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:RedirectURI" value="[AgilePoint redirect URL]/signin-oidc" />

Default Value:

<add key="oidc:RedirectURI" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:RedirectURI" value="mysite.com/signin-oidc" />

Authority

Function:
Specifies the IdentityServer server URL.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:Authority" value="[Identity Server URL]" />

Default Value:

<add key="oidc:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:Authority" value="https://idserver.mydomain.com" />

Email Claim Type

Function:
Specifies the user's e-mail address for an e-mail claim type in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:EmailClaimType" value="[e-mail address]" />

Default Value:

<add key="oidc:EmailClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:EmailClaimType" value="admin@mydomain.com" />

Full Name Claim Type

Function:
Specifies the user's full name for a full name claim type in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:FullNameClaimType" value="[user full name]" />

Default Value:

<add key="oidc:FullNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:FullNameClaimType" value="John Smith" />

Given Name Claim Type

Function:
Specifies the user's first name for a given name claim type in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:GivenNameClaimType" value="[user first name]" />

Default Value:

<add key="oidc:GivenNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:GivenNameClaimType" value="John" />

Surname Claim Type

Function:
Specifies the user's last name for a surname claim type in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:SurnameClaimType" value="[user last name]" />

Default Value:

<add key="oidc:SurnameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:SurnameClaimType" value="Smith" />

User Name Claim Type

Function:
Specifies the name of the user for a user name claim type in IdentityServer.
Accepted Values:
An appSettings key in the following format:

<add key="oidc:UserNameClaimType" value="[user name]" />

Default Value:

<add key="oidc:UserNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:UserNameClaimType" value="John" />

Organization ID Claim Type (Optional)

Function:
Specifies the IdentityServer organization ID for an organization ID claim type.

For more information contact AgilePoint Professional Services.

Scope (Optional)

Function:
Specifies to limit the access rights to an access token on the IdentityServer server.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Function:
Specifies the information to Identity Server for the authorization flow. The authorization flow includes the parameters that are returned from the Identity Server endpoint.

For more information contact AgilePoint Professional Services.

Login Button Text (Optional)

Function:
Specifies a label for the IdentityServer login button.

For more information contact AgilePoint Professional Services.

Login Button ToolTip (Optional)

Function:
Specifies a tooltip for the IdentityServer login button.

For more information contact AgilePoint Professional Services.

Enable Auto Register User (Optional)

Function:
Specifies whether to enable or disable the auto register user in IdentityServer.

For more information contact AgilePoint Professional Services.

PingFederate

These settings specify the credentials for PingFederate.

Prerequisites

Fields

Field NameDefinition

Client ID

Function:
Specifies the client ID of the app you created or added in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:ClientId" value="[client ID from PingFederate]" />

Default Value:

<add key="pingfed:ClientId" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:ClientId" value="0oabj6o2hQi5D6kk4282" />

Client Secret

Function:
Specifies the Client Secret of the app you created or added in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:ClientSecret" value="[client secret from PingFederate]" />

Default Value:

<add key="pingfed:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:ClientSecret" value="1G56R2u8YxGvxkRUUUBg5tZDMxnidzIGvpzxD53" />

Redirect URI

Function:
Specifies the URI of the page where the user is directed after your app is authorized in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:RedirectURI" value="[AgilePoint redirect URL]/signin-ping" />

Default Value:

<add key="pingfed:RedirectURI" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:RedirectURI" value="https://mysite.com/signin-ping" />

Authority

Function:
Specifies the PingFederate server URL.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:Authority" value="[PingFederate URL]" />

Default Value:

<add key="pingfed:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:Authority" value="https://pingfed.mydomain.com" />

E-mail Claim Type

Function:
Specifies the user's e-mail address for an e-mail claim type in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:EmailClaimType" value="[e-mail address]" />

Default Value:

<add key="pingfed:EmailClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:EmailClaimType" value="admin@mydomain.com" />

Full Name Claim Type

Function:
Specifies the user's full name for a full name claim type in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:FullNameClaimType" value="[user full name]" />

Default Value:

<add key="pingfed:FullNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:FullNameClaimType" value="John Smith" />

Given Name Claim Type

Function:
Specifies the user's first name for a given name claim type in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:GivenNameClaimType" value="[user first name]" />

Default Value:

<add key="pingfed:GivenNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:GivenNameClaimType" value="John" />

Surname Claim Type

Function:
Specifies the user's last name for a surname claim type in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:SurnameClaimType" value="[user last name]" />

Default Value:

<add key="pingfed:SurnameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:SurnameClaimType" value="Smith" />

User Name Claim Type

Function:
Specifies the name of the user for a user name claim type in PingFederate.
Accepted Values:
An appSettings key in the following format:

<add key="pingfed:UserNameClaimType" value="[user name]" />

Default Value:

<add key="pingfed:UserNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:UserNameClaimType" value="John" />

Organization ID Claim Type (Optional)

Function:
Specifies the PingFederate organization ID for an organization ID claim type.

For more information contact AgilePoint Professional Services.

Scope (Optional)

Function:
Specifies to limit the access rights to an access token on the PingFederate server.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Function:
Specifies the information to the PingFederate server for the authorization flow. The authorization flow includes parameters that are returned from the PingFederate endpoint.

For more information contact AgilePoint Professional Services.

Sign-In Button Text (Optional)

Function:
Specifies a label for the PingFederate sign-in button.

For more information contact AgilePoint Professional Services.

Sign-In Button Tool Tip (Optional)

Function:
Specifies a tool tip for the PingFederate sign-in button.

For more information contact AgilePoint Professional Services.

Enable Auto Register User (Optional)

Function:
Specifies whether to enable or disable the auto register user in PingFederate.

For more information contact AgilePoint Professional Services.