Online Help for Authentication Management




Module Overview

The Grand Avenue Software Authentication Management module allows users to sign in using an external identity provider such as Microsoft Entra (Azure Active Directory). Currently this module supports OpenID Connect over the OAuth 2.0 protocol, using the Authorization Code flow with PKCE and both access tokens and ID tokens.



Configuration


Configure Authentication Management Module

This page guides you through the steps for configuring the Authentication Management module and can be used as part of your validation by printing the checklist/signature version of the page. Perform and initial each step, then sign the page when it is complete.

This page is also used to modify configuration settings as necessary.

The Configure Authentication Management Module page has links to the following configuration tasks:


Configure Single Sign On

Register your Grand Avenue instance within your SSO identity provider.

If you enable the feature, administrators will be able to connect each Grand Avenue user account to a corresponding account in the external identity provider. From that point on, those users will sign in to Grand Avenue by clicking a special SSO button on the Sign In page. The system will temporarily redirect them to the external identity provider for authentication, and once they have been authenticated it will return them to Grand Avenue, signed in under the GAS account linked to that external SSO account.

Enter a user-friendly name in the Single Sign On Provider Name field (for example Microsoft Entra/Azure AD or Okta).

Use the OpenID Connect Well-Known Configuration URL field to indicate the OpenID Connect well-known configuration endpoint.

Enter the ID of the registration created within the identity provider in the Application (client) ID field.

You can optionally use the Identity Provider ID field to configure support for an automatic sign-in using the configured Identity Provider. The ID you enter in this field will be used in URL bookmarks for the system.

For example, if you entered "ExampleSSO" into the Identity Provider ID field, you could later create a URL that automatically signs a user into GAS with this Identity Provider, and then takes them to the Task List page:

Click the Save button to save the configuration and restart the application with the configuration for the identity provider. This will also verify that the well-known configuration URL returns a valid JSON document.

Click the Cancel button to return to the previous page without making any changes.
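Before entering a value in the OpenID Connect Well-Known Configuration URL field, an administrator can check the document that URL returns. The following is an added example, not part of Grand Avenue Software; it goes beyond the valid-JSON check performed on Save and also checks the issuer, HTTPS endpoints, and that the Authorization Code flow with PKCE is advertised. The function name, the idp.example host and the sample document are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(well_known_url, body):
    """Return a list of problems found in an OIDC discovery document."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    for key in URL_FIELDS:
        value = doc.get(key)
        if not isinstance(value, str):
            problems.append(f"missing or non-string field: {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not an https URL")
    # OIDC Discovery: issuer + suffix must equal the URL the document came from.
    issuer = doc.get("issuer")
    if isinstance(issuer, str) and issuer.rstrip("/") + SUFFIX != well_known_url:
        problems.append("issuer does not match the well-known URL")
    # The module uses Authorization Code, so response type "code" must be listed.
    types = doc.get("response_types_supported")
    if not isinstance(types, list) or "code" not in types:
        problems.append("response type 'code' not advertised")
    # PKCE: if the provider lists challenge methods, S256 should be among them.
    # Absence of the field is not flagged because the field is optional.
    methods = doc.get("code_challenge_methods_supported")
    if isinstance(methods, list) and "S256" not in methods:
        problems.append("PKCE method S256 not advertised")
    return problems

# Constructed sample input (idp.example is a placeholder, not a real provider).
SAMPLE_URL = "https://idp.example/tenant1/v2.0" + SUFFIX
SAMPLE_DOC = {
    "issuer": "https://idp.example/tenant1/v2.0",
    "authorization_endpoint": "https://idp.example/tenant1/oauth2/v2.0/authorize",
    "token_endpoint": "https://idp.example/tenant1/oauth2/v2.0/token",
    "jwks_uri": "https://idp.example/tenant1/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token"],
    "code_challenge_methods_supported": ["S256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE_URL, json.dumps(SAMPLE_DOC)))
```

An empty list means the document passed every check; a sign-in page or error page returned in place of the JSON document is reported as "not valid JSON".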


Manage Role Assignments

The following roles can be assigned by Authentication Module Administrators using the Manage Role Assignments page:

See the Manage Role Assignments section in the General help for additional information about assigning roles to users.



Copyright © 2003-2025, Grand Avenue Software, Inc.

All rights reserved.