Microsoft Authentication Library (MSAL) is a library developed by Microsoft for authentication and authorization processes. You can quickly and easily configure authentication processes using MSAL in Kuika. In this way, you can add authentication to your applications and enable users to log in securely and access authorized resources. This guide explains step by step how you can configure authentication using MSAL.

You can learn this process in detail under the following headings:

A. Working with the Microsoft Authentication Library authentication provider.

B. Anatomy of the MSAL Settings module.

C. Creating an application in the Azure Portal.

D. Adding a platform.

E. Defining the MSAL configuration in the Configuration Manager Module in Kuika.

A. Working with the Microsoft Authentication Library Authentication Provider

After logging into the Kuika platform, open the project you will work with from the "Apps" screen.

2. Then open the "Configuration Manager " (1) module.

3. Open the "Configuration Manager" module.

4. Name the configuration you want to create and click the "CREATE" button.

5. Select one of the MSAL (2) options in the "Authentication & Authorization" section of the App Settings tab (1) or create a new configuration with "ADD NEW" (3).

Content added by Global Config in the Workspace will be shown as read only or hidden by unauthorized users.

B. Anatomy of the MSAL Settings Module

After selecting a predefined configuration or creating a new configuration, the "MSAL Setting" modal opens. You can make the following settings via this modal:

Name (1) :Used to define the Authentication Provider.
Client ID (2) : The unique ID of the application created through Azure Portal.
Client Secret (3) : A secret key used to authenticate the application.
Authority (4) : Enter the URL extension used for authentication. (For example; "https://login.microsoftonline.com/{tenant} or https://login.microsoftonline.com/common/.")
Scopes (5) : Permissions that specify which resources the application requests access to. (For example, a scope like user.read allows you to read profile information.)
Keystore Base64 (6) : Usually used for Android applications and is a keystore encoded in Base64 format.
Cache Location (7) : Determines the location where authentication credentials and tokens will be stored.
Keystore Hash (Android only)(8) : The hash information required for Android applications.

After completing the changes, click on the "CREATE" button (9).

C. Creating an Application in Azure Portal

To use MSAL as an authentication provider in Kuika, you need to perform the following steps in the Azure portal:

Sign in to portal.azure.com.
Click Entra ID or search for Entra ID in the search field.Click on "App registrations" and click on the "New registration" button

Click on "App registrations" and click on the "New registration" button.
Select "Register in this Directory".
Name your app and select the appropriate option under "Supported Account Types".
Click on the "Register" button.

Registering Application Information

Use the information on the screen that opens after creating an application registration (Application Client ID and Tenant ID for Business accounts) when defining MSAL information in Kuika.

2. Click on the "New client secret" button in the"Certificates & secrets" section.

3. Fill in theDescription field and select the expiration time, then click the "Add" button.

4. Back up the value under Client Secret on the screen that appears.

This value will be used for Client Secret on the platform and will not be accessible in the future for security.

Configuring API Permissions

Open theAPI permissions section. In this screen, existing permissions are listed and a new permission can be created. By default, the "User.Read" permission to log in and read the user profile comes on this screen.

2. Click on the"Add a permission" button to add the needed permissions (for example, to access the calendar).

3. You can click on Microsoft Graph from the drawer on the right and select the permissions you need to add.

After adding permissions, you will return to the previous screen.

D. Adding a Platform

Adding platforms (Web/iOS and Android) for authentication:

In the"Overview" section, click on the "Add a Redirect URL" button.
Click on the"Add a platform" button.

Adding Web Platform:

Click on the"Web" button and enter the required URLs.
On the screen that opens, in the Redirect URLs field, create a Redirect URL for the web application you will publish. (For example, https://platform.kuika.com/msalredirect)
Then create a Logout URL for the web application you will publish in the "Front-channel logout URL" field at the bottom. (For example, https://platform.kuika.com/logout)
Click on the"Configure" button.

Adding iOS Platform:

Click the"iOS" button and enter the Bundle ID.
Click the"Configure" button and complete the process.

Adding Android Platform

Click on the"Android" button and enter the required information.
Click the"Configure" button and complete the process.

E. Defining MSAL Configuration in Configuration Manager Module in Kuika

Open the"Configuration Manager" module and create a configuration configuration.
In theApp Settings tab, select the MSAL configuration or create a new one.
Enter the required information in theMSAL Setting modal and complete the process by pressing the "CREATE" button.

You can now authenticate your application using MSAL and access the required resources.