New to Telerik Report Server? Download free 30-day trial

Configuring the Report Server for .NET Single Sign-On Functionality using Microsoft Entra ID for Linux/Container

Microsoft Entra ID is a cloud-based identity and access management service that can be used for authentication in the Telerik Report Server for .NET.

In this article, we will explain how to set up and enable the Microsoft Entra ID authentication for the users of the Telerik Report Server for .NET. Besides the enhanced authentication security, this approach also improves the user experience, because the users who are already registered in Microsoft Entra will be able to log into Report Server Manager UI without entering their login credentials each time.

Prerequisites

  • Telerik Report Server installation with at least one administrator account.
  • An Azure account with Microsoft Entra ID support.

In case you are unfamiliar with the process of using Microsoft Entra ID, we recommend checking out the Set up Microsoft Entra ID article.

Steps

1. Create a Microsoft Entra ID Tenant

  1. Navigate to the Microsoft Azure Home page.
  2. From the menu in the top left corner of the page, select Microsoft Entra ID.
  3. In the displayed Overview page, click Manage Tenants:

    Location of the Manage Tenant button in the Azure portal.

  4. Click the Create button on the Manage Tenants page:

    Location of the Create button on the Manage Tenants page in the Azure portal.

  5. On the Create a tenant page, choose Microsoft Entra ID as the tenant type (it should be selected by default):

    The Create a tenant page with Microsoft Entra ID as the selected type.

  6. Click Next: Configuration > and type Organization name (for example, Report Server Tenant) and Initial Domain Name (e.g. ReportServerNetDomain):

    The configuration step of creating a tenant with sample directory details.

  7. Click Next: Review + create > and if the configuration is correct, a green message notifying that the validation has passed will be displayed:

    The review and create step of the workflow.

  8. Click Create and then fill in the Captcha (it will take a minute or two to complete the process once it has been submitted).

2. Registering the Telerik Report Server for .NET Application

  1. If the steps from the previous section were completed successfully, the following green message should appear above the Captcha:

    Tenant creation was successful. Click here to navigate to your new tenant: Report Server Tenant.

    The text Report Server Tenant is your organization name and there will be a link to the Report Server Tenant Overview page.

    If you are not on the Report Server Tenant Overview page, go to the top left Menu >> Microsoft Entra ID >> click Add >> App Registration.

  2. Register the application by choosing Add > App registration.

    Add Report Server Application, for example, as a name, leave the rest options to be the default, and click Register.

    The step where the Report Server for .NET application is registered in Azure.

  3. Expand the Manage dropdown in the menu on the left and choose Authentication.

  4. Click Add Platform >> Web >> Tick the ID Tokens checkbox, then click Configure.

    Opening the authentication page for the Report Server application in Azure.

  5. Add a Redirect URL, for example, http://localhost:82/signin-oidc.

    Configuring a redirect URL and the token settings for authentication between the Report Server and Azure.

  6. Click Certificates & secrets in the expanded Manage dropdown in the menu on the left.

  7. On the Certificates & secrets page, Click the New client secret button.

    Triggering the creation of new client secret in the Azure portal.

    Once the secret is created, copy and save the secret value as it will be used in the Report Server later. Note that you can do this only at this step. The failure would require another secret to be created, saved, and used.

3. EntraID Setup on a local Telerik Report Server for .NET installation on Linux

  1. Download the archive Telerik_ReportServer_Net_NonWindows_{Report Server version}.zip from your Telerik account.
  2. Unzip the archive. The content gets deployed in two folders ReportServer and ReportServiceAgent.
  3. Open the Powershell and navigate to the subfolder ReportServer.
  4. Run the command docker build -t telerik-report-server:local . in Powershell to build the Report Server Manager image. Mind the dot . at the end of the command.
  5. Navigate to the subfolder ReportServiceAgent.
  6. Run the command docker build -t telerik-report-server-agent:local . in Powershell to build the Report Server ServiceAgent image. Mind the dot . at the end of the command.
  7. Navigate to the subfolder ReportServer\docker-configs.
  8. (optional, recommended) Change the password P1@ceStr0ngP@ssw0rdH3r3 for the SA database user with your own strong password in the files docker-compose.yml and mssql_storage.env:

    • Open the file docker-compose.yml in a text editor like Notepad++ and change the password on line 31. The tabulation is essential and should be preserved:

    - SA_PASSWORD=P1@ceStr0ngP@ssw0rdH3r3

    • Open the file mssql_storage.env in a text editor like Notepad++ and change the password with your own password you used above:

    reportServer__storage__parameters__0__value=Data Source=storage;Initial Catalog=reportserver;Password=P1@ceStr0ngP@ssw0rdH3r3;User Id=sa;Encrypt=false

  9. Run the command docker image pull mcr.microsoft.com/mssql/server:2019-latest.

  10. (optional, use it only if it was not used before) Initialize a swarm to make the Docker Engine hosting the RS.NET a manager in the newly created single-node swarm by running the command docker swarm init.
  11. Run the command docker stack deploy -c docker-compose.yml report-server.
  12. Navigate to localhost:82 in the browser to open the Report Server Manager for .NET.

4. Enabling Microsoft Entra ID Authentication in the Telerik Report Server for .NET

  1. Open the Telerik Report Server for .NET in the browser. The default URL is http://localhost:82/.
  2. Navigate to the Configuration page and select the Authentication tab.

    The Report Server for .NET Application's Configuration page on the Authentication tab.

  3. Enable the Microsoft Entra ID Provider.

  4. In the Instance field, use the URL - https://login.microsoftonline.com/.
  5. In the Domain field, use the one from step 5 in the Create a Microsoft Entra ID Tenant section and add it as a URL, for example - https://ReportServerNetDomain.onmicrosoft.com/.
  6. Open the Microsoft Azure Portal to get the Tenant ID:

    • From the menu in the top left corner of the page, select Microsoft Entra ID.
    • The Tenant ID can be copied from the Basic Information table in the center of the page.
  7. Open the Microsoft Azure Portal to get the Client ID:

    • From the menu in the top left corner of the page, select Microsoft Entra ID.
    • Expand the Manage dropdown >> App Registrations >> All Applications.
    • Click the application name e.g. Report Server Application (defined in the previous section).
    • Copy the Application (client) ID and add it to the Report Server in the Client ID field.

      The Report Server Application page in the Azure portal where the application (client) ID is located.

    • Click the Save Changes button in the Report Server for .NET's Configuration page (a message that a manual restart of the service is required will appear on the screen).

    • The restart can be performed from the IIS Manager >> Application Pools >> Right-click the Telerik Report Server for .NET site and choose Recycle.
  8. Once the service is manually restarted, log in with a user that has an administrator role and go to User Management.

  9. Click the Add New User button:

    • Select the Authentication Provider to be EntraId.
    • Add a username.
    • Add the domain name login email e.g. username@mycompany.com.
    • Choose a User Role and save the changes.

    Creating a user with EntraID authentication in the Report Server for .NET Application

  10. Log out of the Report Server to go to the Login page.

    The Report Server for .NET Login page with an enabled Microsoft Entra ID.

  11. Click the blue Microsoft Entra ID button. You should be automatically logged in with your EntraID.

See Also

In this article