PowerShell Universal
Copyright 2025 Ironman Software


OpenID Connect

Configure OpenID Connect with Universal.


Last updated 4 years ago


OpenID Connect is an authentication layer on top of OAuth 2.0, an authorization framework. It is supported by many vendors and provides the ability to authenticate against systems like AzureAD.

This document will outline the steps necessary to configure AzureAD OpenID Connect and use it with Universal.

Configuring AzureAD

Within the Azure Portal, navigate to your Azure Active Directory blade. Next, click the App registrations node and then click New registration.

In the New registration page, enter the name of your application and the reply URL. The URL can be configured in the appsettings.json for Universal but the default value is shown below.

Next, you'll need to configure a client secret. You can click the Certificates & secrets menu and then click New client secret. This secret will need to go into the appsettings.json file.

Now, you will need to take note of your Application (client) ID GUID. This will be used in the appsettings.json file.

Configuring Universal

Now that we have completed the configuration of an AzureAD App Registration, we can update the appsettings.json file with the appropriate settings. For my application, it would look something like this.

    "OIDC": {
      "Enabled": "true",
      "CallbackPath": "/auth/signin-oidc",
      "ClientID": "6f006906-643a-40fe-af00-9060ceffffff",
      "ClientSecret": "xxxxxxxxxxxxxxxxxx",
      "Resource": "",
      "Authority": "https://login.microsoftonline.com/fffffff-4b76-4470-a736-8481d7a2ed87",
      "ResponseType": "code",
      "SaveTokens": "false"
    },

Due to changes in the Chromium browser, you may need to disable the Cookies without SameSite must be secure setting to test OpenID Connect when running on localhost without HTTPS.

Navigate to chrome://flags and search for the setting to set it to disabled.

Delegated Access Tokens

You can use access tokens generated by an OIDC login for other services the user may have access to. Within your OIDC provider, like Azure AD, you can grant additional permissions to the token.

You will also have to enable access tokens within the authentication flow so that the token provides the necessary resource access.

Finally, within your PSU appsettings.json file, you will need to ensure that SaveTokens is enabled, the response type includes token, and the resource you wish to access is included in the Resource setting. The URL that you specify in the resource should be listed within the provider.

The below example adds a resource for Microsoft O365.

    "OIDC": {
      "Enabled": "true",
      "CallbackPath": "/auth/signin-oidc",
      "ClientID": "<clientID>",
      "ClientSecret": "<clientSecret>",
      "Resource": "https://manage.office.com/",
      "Authority": "https://login.microsoftonline.com/tenant",
      "ResponseType": "id_token token",
      "SaveTokens": "true",
      "UseTokenLifetime": true
    },

Within your dashboard, you will now have access to an $AccessToken and $IdToken variable that you can use with cmdlets that require authorization.

For example, the Connect-AzureAD cmdlet accepts an access token.

Connect-AzureAD
       [-AzureEnvironmentName <EnvironmentName>]
       [-TenantId <String>]
       -AadAccessToken <String>
       [-MsAccessToken <String>]
       -AccountId <String>
       [-LogLevel <LogLevel>]
       [-LogFilePath <String>]
       [-InformationAction <ActionPreference>]
       [-InformationVariable <String>]
       [-WhatIf]
       [-Confirm]
       [<CommonParameters>]
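
Before handing a saved token to a cmdlet, it helps to confirm that it was issued for the resource you configured and has not expired. The following is an added example, not code from the Universal documentation: Get-JwtClaims and Test-DelegatedToken are hypothetical helper names, the sample token is constructed, and the claims are read without verifying the signature, so this is a sanity check on a token the server obtained itself rather than token validation.

```powershell
# Added example; Get-JwtClaims and Test-DelegatedToken are hypothetical helpers.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected header.payload.signature' }
    # base64url -> base64, restoring the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-DelegatedToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedResource
    )
    $claims = Get-JwtClaims -Token $Token
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    # aud may be a string or an array, with or without a trailing slash
    $audiences = @(@($claims.aud) | ForEach-Object { "$_".TrimEnd('/') })
    # upn appears in some tokens, preferred_username in others
    $account = $claims.upn
    if (-not $account) { $account = $claims.preferred_username }
    [pscustomobject]@{
        AudienceMatches = $audiences -contains $ExpectedResource.TrimEnd('/')
        Expired         = [long]$claims.exp -le $now
        Account         = $account   # candidate value for Connect-AzureAD -AccountId
    }
}

# Constructed sample token (unsigned, for illustration only)
$payload = @{
    aud = 'https://manage.office.com'
    exp = [DateTimeOffset]::UtcNow.AddMinutes(30).ToUnixTimeSeconds()
    upn = 'user@example.com'
} | ConvertTo-Json -Compress
$segment = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$segment = $segment.TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sample  = "e30.$segment.constructed-signature"

Test-DelegatedToken -Token $sample -ExpectedResource 'https://manage.office.com/'
```

Inside a dashboard, pass $AccessToken in place of the constructed $sample.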

Finally, you will have to click the Endpoints button to open the Endpoints drawer. This contains a list of the endpoints. Make note of the OAuth 2.0 authorization endpoint URL. You will need this for the appsettings.json. Note that you will not input the entire endpoint URL. You will need to include the portion of the URL through the GUID but without the path after oauth2 in the Authority setting (e.g. https://login.microsoftonline.com/fffffff-4b76-4470-a736-8481d7a2ed87).

Read more about appsettings.json on our Settings page.
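
The Authority rule and the delegated-token requirements described on this page can be checked before restarting Universal. The following is an added example, not part of Universal: Get-OidcAuthority and Test-OidcSettings are hypothetical helper names, the checks cover only the rules stated on this page, and the sample JSON is constructed using the page's placeholder tenant.

```powershell
# Added example; Get-OidcAuthority and Test-OidcSettings are hypothetical helpers.
function Get-OidcAuthority {
    param([Parameter(Mandatory)][string]$AuthorizationEndpoint)
    # Keep scheme, host and the first path segment (the tenant GUID); drop /oauth2/...
    $uri = [Uri]$AuthorizationEndpoint
    $tenant = $uri.AbsolutePath.Trim('/').Split('/')[0]
    '{0}://{1}/{2}' -f $uri.Scheme, $uri.Authority, $tenant
}

function Test-OidcSettings {
    param([Parameter(Mandatory)][string]$Json)
    $oidc = ($Json | ConvertFrom-Json).OIDC
    $findings = @()
    if ($oidc.Authority -notmatch '^https://') {
        $findings += 'Authority should be an https URL'
    } elseif ($oidc.Authority -match '/oauth2') {
        $findings += 'Authority should end at the tenant GUID: ' +
            (Get-OidcAuthority -AuthorizationEndpoint $oidc.Authority)
    }
    if ($oidc.CallbackPath -notmatch '^/') {
        $findings += 'CallbackPath should be a path starting with /'
    }
    if ($oidc.SaveTokens -eq 'true') {
        # Delegated access tokens need a token response type and a target resource
        if (($oidc.ResponseType -split ' ') -notcontains 'token') {
            $findings += 'SaveTokens is on but ResponseType does not include token'
        }
        if ([string]::IsNullOrWhiteSpace($oidc.Resource)) {
            $findings += 'SaveTokens is on but Resource is empty'
        }
    }
    $findings
}

# Constructed sample containing the mistakes the text warns about
$sample = @'
{ "OIDC": {
    "Enabled": "true",
    "CallbackPath": "/auth/signin-oidc",
    "ClientID": "<clientID>",
    "ClientSecret": "<clientSecret>",
    "Resource": "",
    "Authority": "https://login.microsoftonline.com/fffffff-4b76-4470-a736-8481d7a2ed87/oauth2/authorize",
    "ResponseType": "code",
    "SaveTokens": "true"
} }
'@
Test-OidcSettings -Json $sample
```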