How Do I Change the Authentication Credentials for the AgilePoint NX Portal in the Server Configuration Files?

To change the credentials for your authentication provider for AgilePoint NX Portal, do the procedure in this topic.

Good to Know

  • You may need to complete this procedure in these conditions:
    • Your credentials expire with your authentication provider.
    • You change the primary authentication provider for AgilePoint NX Portal — for example, if you change from Salesforce authentication to SharePoint authentication.

How to Start

  1. In a text editor, open this file:

    (NX Portal installation folder - v9.0 and higher) C:\Program Files\AgilePoint\AgilePointPortalInstance\config\web.yaml

Procedure

  1. In the file web.config, in the <appSettings> node, add or change the keys that are necessary for your authentication provider.

    Refer to the sections in this topic for the configuration information for each authentication provider.

  2. If you want to add or change the authentication providers that you use for the Portal, change the value of the ActiveAuthProviders key as necessary.
    Field NameDefinition

    ActiveAuthProviders

    Description:
    Specifies your authentication provider for AgilePoint NX Portal.
    Allowed Values:
    One or more authentication provider name, separated by semicolons (;)
    • ActiveDirectory - Specifies Active Directory authentication where the Active Directory runs in an on-premises environment.
    • HostedActiveDirectory - Specifies Active Directory authentication where the Active Directory runs in a hosted (private cloud) environment.
    • GooglePlus - Specifies Google Workspace authentication.
    • Salesforce - Specifies Salesforce authentication.
    • WAAD - Specifies authentication with Microsoft Azure Active Directory, Microsoft 365, or SharePoint for Microsoft 365.
    • ADFS - Specifies ADFS authentication.
    • ACS - Specifies Amazon Cognito authentication.
    • Okta - Specifies Okta authentication.
    • IdentityServer - Specifies IdentityServers authentication.
    • SiteMinder - Specifies SiteMinder authentication.
    • PingFederate - Specifies PingFederate authentication.
    • AgilePointID - Specifies AgilePoint NX authentication.

      AgilePoint ID is not supported in AgilePoint NX OnPremises.

    Default Value:

    <add key="ActiveAuthProviders" value="ActiveDirectory" />

    Example:
    An appSettings key in the following format:

    <add key="ActiveAuthProviders" value="AgilePointID;WAAD; ActiveDirectory;Salesforce; GooglePlus;ADFS;Okta;OIDC; SiteMinder;ACS" />

  3. Save the file.
  4. Restart the Windows service for the AgilePoint Server instance.

Microsoft Azure Active Directory / Microsoft 365 / SharePoint for Microsoft 365

These settings specify the credentials for Microsoft Azure Active Directory, Microsoft 365 or SharePoint for Microsoft 365.

Fields

Field NameDefinition

ClientID

Description:
Specifies the Microsoft application ID of the app you created or added in Microsoft Azure Active Directory.
Allowed Values:
An appSettings key in the following format:

<add key="ida:ClientID" value="[application ID from Microsoft Azure Active Directory]" />

Default Value:

<add key="ida:ClientID" value="" />

Example:
An appSettings key in the following format:

<add key="ida:ClientID" value="3f6v1555-6r9f-4124-995s-g61901550hk6" />

Password

Description:
Specifies your client secret ID of the app you added in Microsoft Azure Active Directory.
Allowed Values:
An appSettings key in the following format:

<add key="ida:Password" value="[client secret ID from Microsoft Azure Active Directory]" />

Default Value:

<add key="ida:Password" value="" />

Example:
An appSettings key in the following format:

<add key="ida:Password" value="DGR39B8NL29beem2itbxmJ5wDTVFRugHwektpoPChc0=" />

WCFAppID

Description:
Specifies the Microsoft Graph API URL for your language. The default value for this field is the value for the Microsoft Graph API in U.S. English. If you use a different language, see the Documentation from Microsoft to get the URL for your language..
Allowed Values:
An appSettings key in the following format:

<add key="ida:WCFAppID" value="[application ID URI from Microsoft Azure Active Directory]" />

Default Value:

<add key="ida:WCFAppID" value="" />

Example:
An appSettings key in the following format:

<add key="ida:WCFAppID" value="https://ap172.onmicrosoft.com/638tu092-e03c-41d0-s73h-38j0l79f7777" />

Salesforce

These settings specify the credentials for Salesforce.

Fields

Field NameDefinition

ClientID

Description:
Specifies the Consumer Key of the app you created or added in Salesforce.
Allowed Values:
An appSettings key in the following format:

<add key="sf:ClientID" value="[consumer key from Salesforce]" />

Default Value:

<add key="sf:ClientID" value="" />

Example:
An appSettings key in the following format:

<add key="sf:ClientID" value="3MV09szVs2RX" />

Password

Description:
Specifies the Consumer Secret of the app you created or added in Salesforce.
Allowed Values:
An appSettings key in the following format:

<add key="sf:Password" value="[key]" />

Default Value:

<add key="sf:Password" value="" />

Example:
An appSettings key in the following format:

<add key="sf:Password value="DGR39B8NL29beem2itbxmJ5wDTVFRugHwektpoPChc0=" />

Google Workspace

These settings specify the credentials for Google Workspace.

Fields

Field NameDefinition

ClientID

Description:
Specifies the client ID of the app you created or added in Google Workspace.
Allowed Values:
An appSettings key in the following format:

<add key="gp:ClientID" value="[client ID from Google]" />

Default Value:

<add key="gp:ClientID" value="" />

Example:
An appSettings key in the following format:

<add key="gp:ClientID" value="239330962649-smsrifcnpo33oglki4h757toav9tter8.apps.googleusercontent.com" />

ClientSecret

Description:
Specifies the Client Secret of the app you created or added in Google Workspace.
Allowed Values:
An appSettings key in the following format:

<add key="gp:ClientSecret" value="[client secret from Google]" />

Default Value:

<add key="gp:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="gp:ClientSecret" value="Ow2c4D9I5K-9_rv_iF4Di2Po" />

ADFS

These settings specify the credentials for ADFS.

Fields

Field NameDefinition

PortalClientId

Description:
Specifies the client ID of the portal you created or added in ADFS.
Allowed Values:
An appSettings key in the following format:

<add key="adfs:PortalClientId" value="[ClientID of your portal from ADFS]" />

Default Value:

<add key="adfs:PortalClientId" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:PortalClientId" value="573BBC65-F28C-4AA4-94ED-D4294D395C78" />

PortalResourceUri

Description:
Specifies the relying party trust URI for NX Portal in ADFS.
Allowed Values:
An appSettings key in the following format:

<add key="adfs:PortalResourceUri" value="[URI of the relying party trust identifier for your Portal]" />

Default Value:

<add key="adfs:PortalResourceUri" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:PortalResourceUri" value="https://mydomain.com/adfs/services/trust" />

Authority

Description:
Specifies the ADFS server URL.
Allowed Values:
An appSettings key in the following format:

<add key="adfs:Authority" value="[ADFS server URL]" />

Default Value:

<add key="adfs:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:Authority" value="https://adfs.mydomain.com" />

ServerClientId

Description:
Specifies the client ID of the server you created or added in ADFS.
Allowed Values:
An appSettings key in the following format:

<add key="adfs:Authority" value="[ClientID of your server from ADFS]" />

Default Value:

<add key="adfs:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:Authority" value="96E14D9B-6FCF-4BCD-9E0A-B30623AE1939" />

ServerResourceUri

Description:
Specifies the relying party trust URI for your server in ADFS.
Allowed Values:
An appSettings key in the following format:

<add key="adfs:ServerResourceUri" value="[The URI of the relying party trust identifier for your server]" />

Default Value:

<add key="adfs:ServerResourceUri" value="" />

Example:
An appSettings key in the following format:

<add key="adfs:ServerResourceUri" value="96E14D9B-6FCF-4BCD-9E0A-B30623AE1939" />

Amazon Cognito

These settings specify the credentials for Amazon Cognito.

Prerequisites

Fields

Field NameDefinition

Client ID

Description:
Specifies the client ID of the app you created or added in Amazon Cognito.
Allowed Values:
An appSettings key in the following format:

<add key="acs:ClientId" value="[client ID from Amazon Cognito]" />

Default Value:

<add key="acs:ClientId" value="" />

Example:
An appSettings key in the following format:

<add key="acs:ClientId" value="2tmqdmcst123uchcfijtf4tgmd" />

Client Secret

Description:
Specifies the Client Secret of the app you created or added in Amazon Cognito.
Allowed Values:
An appSettings key in the following format:

<add key="acs:ClientSecret" value="[client secret from Amazon Cognito]" />

Default Value:

<add key="acs:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="acs:ClientSecret" value="8gkhk3v56oe6gq6irk7u1bghdjnc1ic8646skqb6kuu1ddk1r0r" />

Redirect URI

Description:
Specifies the URI of the page where the user is directed after your app is authorized in Amazon Cognito.
Allowed Values:
An appSettings key in the following format:

<add key="acs:RedirectURI" value="[AgilePoint Redirect URL]/signin-acs" />

Default Value:

<add key="acs:RedirectURI" value="" />

Example:
An appSettings key in the following format:

<add key="acs:RedirectURI" value="mysite.com/signin-acs" />

Authority

Description:
Specifies the Amazon Cognito server URL.
Allowed Values:
An appSettings key in the following format:

<add key="acs:Authority" value="[Amazon Cognito server URL]" />

Default Value:

<add key="acs:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="acs:Authority" value="https://cognito-idp.us-east-2.amazonaws.com/us-east-2_fALHTiv0x" />

Enable Auto Register User (Optional)

Description:
Specifies whether to enable or disable the auto register user in Amazon Cognito.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Description:
Specifies the information to the Amazon Cognito server for the authorization flow. The authorization flow includes the parameters that are returned from the Amazon Cognito endpoint.

For more information contact AgilePoint Professional Services.

Response Mode (Optional)

Description:
Specifies an optional OAuth authorization request parameter that informs the Amazon Cognito server to be used for returning authorization response parameters from the Amazon Cognito endpoint.

For more information contact AgilePoint Professional Services.

Scope (Optional)

Description:
Specifies to limit the access rights to an access token on the Amazon Cognito server.

For more information contact AgilePoint Professional Services.

Okta

These settings specify the credentials for Okta.

Prerequisites

Fields

Field NameDefinition

Client ID

Description:
Specifies the client ID of the app you created or added in Okta.
Allowed Values:
An appSettings key in the following format:

<add key="okta:OAuthClientId" value="[client ID from Okta]" />

Default Value:

<add key="okta:OAuthClientId" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OAuthClientId" value="0oabj6o2hQi5D6kk4282" />

Client Secret

Description:
Specifies the Client Secret of the app you created or added in Okta.
Allowed Values:
An appSettings key in the following format:

<add key="okta:OauthClientSecret" value="[client secret from Okta]" />

Default Value:

<add key="okta:OauthClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OauthClientSecret" value="1G56R2u8YxGvxkRUUUBg5tZDMxnidzIGvpz_xD53" />

Authority

Description:
Specifies the Okta server URL.
Allowed Values:
An appSettings key in the following format:

<add key="okta:OAuthAuthority" value="[Okta server URL]" />

Default Value:

<add key="okta:OAuthAuthority" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OAuthAuthority" value="https://dev-1111.oktapreview.com/oauth2/ausftgs9ksiLQkXk70h1" />

Redirect URI

Description:
Specifies the URI of the page where the user is directed after your app is authorized in Okta.
Allowed Values:
An appSettings key in the following format:

<add key="okta:OAuthRedirectUri" value="[AgilePoint Redirect URL]/signin/oktacallback" />

Default Value:

<add key="okta:OAuthRedirectUri" value="" />

Example:
An appSettings key in the following format:

<add key="okta:OAuthRedirectUri" value="mysite.com/signin/oktacallback" />

Scope (Optional)

Description:
Specifies to limit the access rights to an access token on the Okta server.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Description:
Specifies the information to the Okta server for the authorization flow. The authorization flow includes the parameters that are returned from the Okta endpoint.

For more information contact AgilePoint Professional Services.

SiteMinder

These settings specify the credentials for CA SiteMinder.

Prerequisites

Fields

Field NameDefinition

Connection

Description:
Specifies the path for the LDAP filter connection.
Allowed Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Connection" value="[LDAP server connection string]" />

Default Value:

<add key="siteminder.LDAPFilter:Connection" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Connection" value="LDAP://190.168.1.142/DC=mydomain,DC=com" />

Username

Description:
Specifies the user name for the LDAP sever authentication account.
Allowed Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Username" value="[LDAP server authentication user name]" />

Default Value:

<add key="siteminder.LDAPFilter:Username" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Username" value="LdapAdministrator" />

Password

Description:
Specifies the password for the LDAP sever authentication account.
Allowed Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Password" value="[LDAP server authentication account password]" />

Default Value:

<add key="siteminder.LDAPFilter:Password" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:Password" value="xxxxxxxxxxxxx" />

Mapping File Path

Description:
Specifies the file path for LDAP user synchronization.
Allowed Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:MappingFilePath" value="[user mapping file path]" />

Default Value:

<add key="siteminder.LDAPFilter:MappingFilePath" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:MappingFilePath" value="D:\LDAP\LDAPUserSyncTool\ADUserSync\LDAP\Mapping.json" />

Filter Template

Description:
Specifies the user filter condition on the LDAP server.
Allowed Values:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:FilterTemplate" value="(sAMAccountName=[user name])" />

Default Value:

<add key="siteminder.LDAPFilter:FilterTemplate" value="" />

Example:
An appSettings key in the following format:

<add key="siteminder.LDAPFilter:FilterTemplate" value="(sAMAccountName=JohnSmith)" />

Enable Auto Register User (Optional)

Description:
Specifies whether to enable or disable the auto register user in CA SiteMinder.

For more information contact AgilePoint Professional Services.

Username Header (Optional)

Description:
Specifies whether to check if the selected LDAP user contains a specific header.

For more information contact AgilePoint Professional Services.

IdentityServer

These settings specify the credentials for IdentityServer.

Prerequisites

Fields

Field NameDefinition

Client ID

Description:
Specifies the client ID of the app you created or added in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:ClientId" value="[client ID from IdentityServer]" />

Default Value:

<add key="oidc:ClientId" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:ClientId" value="0oabj6o2hQi5D6kk4282" />

Client Secret

Description:
Specifies the Client Secret of the app you created or added in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:ClientSecret" value="[client secret from IdentityServer]" />

Default Value:

<add key="oidc:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:ClientSecret" value="1G56R2u8YxGvxkRUUUBg5tZDMxnidzIGvpz_xD53" />

Redirect URI

Description:
Specifies the URI of the page where the user is directed after your app is authorized in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:RedirectURI" value="[AgilePoint redirect URL]/signin-oidc" />

Default Value:

<add key="oidc:RedirectURI" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:RedirectURI" value="mysite.com/signin-oidc" />

Authority

Description:
Specifies the IdentityServer server URL.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:Authority" value="[Identity Server URL]" />

Default Value:

<add key="oidc:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:Authority" value="https://idserver.mydomain.com" />

Email Claim Type

Description:
Specifies the user's e-mail address for an e-mail claim type in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:EmailClaimType" value="[e-mail address]" />

Default Value:

<add key="oidc:EmailClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:EmailClaimType" value="admin@mydomain.com" />

Full Name Claim Type

Description:
Specifies the user's full name for a full name claim type in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:FullNameClaimType" value="[user full name]" />

Default Value:

<add key="oidc:FullNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:FullNameClaimType" value="John Smith" />

Given Name Claim Type

Description:
Specifies the user's first name for a given name claim type in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:GivenNameClaimType" value="[user first name]" />

Default Value:

<add key="oidc:GivenNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:GivenNameClaimType" value="John" />

Surname Claim Type

Description:
Specifies the user's last name for a surname claim type in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:SurnameClaimType" value="[user last name]" />

Default Value:

<add key="oidc:SurnameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:SurnameClaimType" value="Smith" />

User Name Claim Type

Description:
Specifies the name of the user for a user name claim type in IdentityServer.
Allowed Values:
An appSettings key in the following format:

<add key="oidc:UserNameClaimType" value="[user name]" />

Default Value:

<add key="oidc:UserNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="oidc:UserNameClaimType" value="John" />

Organization ID Claim Type (Optional)

Description:
Specifies the IdentityServer organization ID for an organization ID claim type.

For more information contact AgilePoint Professional Services.

Scope (Optional)

Description:
Specifies to limit the access rights to an access token on the IdentityServer server.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Description:
Specifies the information to Identity Server for the authorization flow. The authorization flow includes the parameters that are returned from the Identity Server endpoint.

For more information contact AgilePoint Professional Services.

Login Button Text (Optional)

Description:
Specifies a label for the IdentityServer login button.

For more information contact AgilePoint Professional Services.

Login Button ToolTip (Optional)

Description:
Specifies a tooltip for the IdentityServer login button.

For more information contact AgilePoint Professional Services.

Enable Auto Register User (Optional)

Description:
Specifies whether to enable or disable the auto register user in IdentityServer.

For more information contact AgilePoint Professional Services.

PingFederate

These settings specify the credentials for PingFederate.

Prerequisites

Fields

Field NameDefinition

Client ID

Description:
Specifies the client ID of the app you created or added in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:ClientId" value="[client ID from PingFederate]" />

Default Value:

<add key="pingfed:ClientId" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:ClientId" value="0oabj6o2hQi5D6kk4282" />

Client Secret

Description:
Specifies the Client Secret of the app you created or added in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:ClientSecret" value="[client secret from PingFederate]" />

Default Value:

<add key="pingfed:ClientSecret" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:ClientSecret" value="1G56R2u8YxGvxkRUUUBg5tZDMxnidzIGvpzxD53" />

Redirect URI

Description:
Specifies the URI of the page where the user is directed after your app is authorized in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:RedirectURI" value="[AgilePoint redirect URL]/signin-ping" />

Default Value:

<add key="pingfed:RedirectURI" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:RedirectURI" value="https://mysite.com/signin-ping" />

Authority

Description:
Specifies the PingFederate server URL.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:Authority" value="[PingFederate URL]" />

Default Value:

<add key="pingfed:Authority" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:Authority" value="https://pingfed.mydomain.com" />

E-mail Claim Type

Description:
Specifies the user's e-mail address for an e-mail claim type in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:EmailClaimType" value="[e-mail address]" />

Default Value:

<add key="pingfed:EmailClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:EmailClaimType" value="admin@mydomain.com" />

Full Name Claim Type

Description:
Specifies the user's full name for a full name claim type in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:FullNameClaimType" value="[user full name]" />

Default Value:

<add key="pingfed:FullNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:FullNameClaimType" value="John Smith" />

Given Name Claim Type

Description:
Specifies the user's first name for a given name claim type in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:GivenNameClaimType" value="[user first name]" />

Default Value:

<add key="pingfed:GivenNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:GivenNameClaimType" value="John" />

Surname Claim Type

Description:
Specifies the user's last name for a surname claim type in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:SurnameClaimType" value="[user last name]" />

Default Value:

<add key="pingfed:SurnameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:SurnameClaimType" value="Smith" />

User Name Claim Type

Description:
Specifies the name of the user for a user name claim type in PingFederate.
Allowed Values:
An appSettings key in the following format:

<add key="pingfed:UserNameClaimType" value="[user name]" />

Default Value:

<add key="pingfed:UserNameClaimType" value="" />

Example:
An appSettings key in the following format:

<add key="pingfed:UserNameClaimType" value="John" />

Organization ID Claim Type (Optional)

Description:
Specifies the PingFederate organization ID for an organization ID claim type.

For more information contact AgilePoint Professional Services.

Scope (Optional)

Description:
Specifies to limit the access rights to an access token on the PingFederate server.

For more information contact AgilePoint Professional Services.

Response Type (Optional)

Description:
Specifies the information to the PingFederate server for the authorization flow. The authorization flow includes parameters that are returned from the PingFederate endpoint.

For more information contact AgilePoint Professional Services.

Sign-In Button Text (Optional)

Description:
Specifies a label for the PingFederate sign-in button.

For more information contact AgilePoint Professional Services.

Sign-In Button Tool Tip (Optional)

Description:
Specifies a tool tip for the PingFederate sign-in button.

For more information contact AgilePoint Professional Services.

Enable Auto Register User (Optional)

Description:
Specifies whether to enable or disable the auto register user in PingFederate.

For more information contact AgilePoint Professional Services.