Integration of OpenKM with OAuth 2.0 in Azure AD for Secure Authentication and Regulatory Compliance

Written by Mario Zules, OpenKM USA, on 24 February 2025

Companies require efficient solutions for identity and access management. Integrating OpenKM with Azure Active Directory (Azure AD) enhances authentication in business applications, ensuring regulatory compliance and data security. Thanks to OAuth 2.0–based authentication, single sign-on (SSO) is enabled for cloud services such as Google Workspace, SharePoint Online, and cloud storage.

What is OAuth 2.0 and How Does It Work in Azure AD?

OAuth 2.0 is an authorization protocol that allows applications to access protected resources without sharing credentials. In Azure AD, it is used to grant permissions to business applications such as OpenKM, SQL Server, and cloud storage.

The authentication process follows this structured flow:

  1. User Login: The user accesses the web application and logs in using their Azure AD credentials.
  2. Authorization Code Generation: An authorization code is generated, which the application sends to the authentication server.
  3. Token Issuance: Azure AD returns an access token and a refresh token.
  4. Accessing Services: With the access token, the application can connect to services such as Microsoft Graph and Amazon S3.
  5. Token Renewal: When the access token expires, the refresh token allows the application to obtain a new access token without requiring the user to log in again.

Benefits of Integrating OpenKM with Azure AD

  1. Enhanced Security and Regulatory Compliance

    Azure AD's security policies protect sensitive data in private or hybrid cloud environments. Access is managed centrally to prevent unauthorized entry.

  2. Single Sign-On (SSO) for Increased Efficiency

    SSO eliminates the need for remembering multiple credentials, allowing employees to access various platforms with a single authentication. This streamlines access and improves business continuity.

  3. Role-Based Management and Delegated Permissions

    With Azure AD, administrators can define detailed access controls. Delegated permissions restrict access to certain functions within OpenKM. Recommended permissions include:

  • User.Read: Allows OpenKM to access basic user information.
  • Files.ReadWrite.All: Authorizes editing of documents in SharePoint Online.
  • Sites.Manage.All: Enables management of cloud sites.

Authentication Flows Compatible with OpenKM and Azure AD

  • Authorization Code Flow: For user authentication in web applications.
  • Client Credentials Flow: Ideal for integrations that do not involve user interaction.
  • Device Code Flow: For devices that lack a user interface.

Implementing OAuth 2.0 in OpenKM

Step 1: Register the Application in Azure AD

  1. Access the Azure AD portal and register a new application.
  2. Save the values for Client ID, Client Secret, and the authentication URLs.

Step 2: Configure OpenKM for Authentication with Azure AD

  1. Enter the security settings in OpenKM.
  2. Specify the Azure AD authentication server.
  3. Configure the access tokens and delegated permissions.
  4. Enable access to services such as SharePoint Online and Cloud Storage.

Step 3: Validate the Authentication

  • Use the command line or a test application to verify the login process.

Practical Example: Token Request in OpenKM

  curl -X POST https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "client_id={client_id}&client_secret={client_secret}&grant_type=authorization_code&code={auth_code}&redirect_uri={redirect_uri}"

This command exchanges the authorization code obtained in step 2 for an access token (Authorization Code flow); the values in braces are placeholders for your tenant, application, and the code and redirect URI from the authorization step.
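The same token exchange, together with the token renewal of step 5 of the flow above, as an added Python example that is not OpenKM's own code: it builds the two form bodies for the v2.0 token endpoint and keeps track of when the access token must be refreshed. The tenant, client and token values are constructed placeholders.

```python
import time
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
REFRESH_SKEW = 60  # seconds: renew shortly before the stated expiry

# Constructed sample of a successful v2.0 token response (not a real token).
SAMPLE_RESPONSE = {"token_type": "Bearer", "access_token": "eyJ.sample.token",
                   "refresh_token": "0.sample.refresh", "expires_in": 3599,
                   "scope": "User.Read"}


def token_endpoint(tenant_id):
    """Azure AD v2.0 token endpoint used in steps 3 and 5 of the flow."""
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"


def code_exchange_body(client_id, client_secret, code, redirect_uri):
    """Step 3: same form body as the curl command on this page.
    redirect_uri must equal the one sent in the authorization request."""
    return urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})


def refresh_body(client_id, client_secret, refresh_token, scope):
    """Step 5: renew the access token without a new user login."""
    return urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "refresh_token",
                      "refresh_token": refresh_token, "scope": scope})


class TokenSession:
    """Tokens from one response plus the decision of when to refresh."""

    def __init__(self, now=time.time):
        self.now = now  # injectable clock, handy for tests
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def load(self, response):
        # response: parsed JSON body of a 200 reply from the token endpoint
        if response.get("token_type") != "Bearer" or "access_token" not in response:
            raise ValueError(f"token request failed: {response.get('error')}")
        self.access_token = response["access_token"]
        # Only present if offline_access was among the requested scopes
        self.refresh_token = response.get("refresh_token")
        self.expires_at = self.now() + int(response["expires_in"])

    def needs_refresh(self):
        return self.now() >= self.expires_at - REFRESH_SKEW
```

A refresh token is only returned when offline_access was requested in the authorization step, so `refresh_token` may be `None` and the user must log in again when `needs_refresh()` becomes true.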

Common Challenges and Solutions

  1. Managing Personal and Business Accounts

    Personal and business accounts may cause authentication conflicts. It is recommended to configure access policies to differentiate business users.

  2. Protection Against Threats and Disaster Recovery

    Microsoft Defender can detect security vulnerabilities and assist in recovery in the event of attacks.

  3. Remote Access and Identity Security

    It is advised to enable:

  • Secure gateways for external connections.
  • Email address–based restrictions.
  • Temporary access tokens for connections from external networks.

Conclusion

Integrating OpenKM with Azure AD using OAuth 2.0 enhances authentication in business applications and strengthens security. With SSO, delegated permissions, and centralized access management, companies can ensure a secure and efficient environment.

For more information about integrating OpenKM with Azure AD, please contact our technical support team.
