Product: Awair Dashboard
Note: Awair Business Dashboard is only compatible with Awair Business App and must be activated internally before you can access it. If you’re interested in setting up an Awair Business account with us, please click here to get in touch with our sales team.
Overview
This document provides instructions to disable the Implicit grant settings for an Azure AD application registration as the 3rd party identity provider for Awair Dashboard. The Azure AD identity provider is used for user authentication when logging into the Awair Dashboard. This means Awair Dashboard and mobile applications will delegate the authentication responsibility to the Azure AD identity provider. This is also known as Single Sign-On (SSO), where users only need to log in once through their company-designated identity provider, and they will be able to access all applications that are authenticating with the same identity provider.
For quick navigation through this resource, please use the bookmark links below:
- When to use this change
- Steps in Azure Portal
- What these settings mean
- Expected outcome
- Validation checklist
When to use this change
Disable implicit flow when your application has been updated to use the Authorization Code flow with PKCE and no longer requires tokens to be returned directly from the browser during sign-in.
Steps in Azure Portal
Sign in to the Azure Portal.
Open App Registrations.
Select the application you want to update, such as Awair Dashboard.
In the left navigation, select Authentication.
In the section Redirect URI configuration, choose Add Redirect URI to add a new Single-page application redirect URI. This redirect URI is required for the PKCE-based sign-in flow that replaces implicit grant. Then, enter the following redirect URI.
Replace{{org_id}}with the organization ID you want to connect to. You can find the organization ID in the previous web redirect URI or Awair dashboard.
>> https://dashboard.getawair.com/sso/callback?type=spa&orgId={{org_id}}Then find the Settings section, and find Implicit grant and hybrid flows, and uncheck both Access tokens and ID tokens.
Save the changes.
What these settings mean
Access tokens: Allows an access token to be returned directly during implicit flow.
ID tokens: Allows an ID token to be returned directly during implicit sign-in or hybrid flow.
When both options are unchecked, the app registration no longer supports implicit token issuance for those flows.
Expected outcome
After saving the change, the application registration will stop issuing access tokens and ID tokens through implicit grant settings. Applications using modern OAuth 2.0 or OpenID Connect flows should continue to work normally if they are configured correctly.
Validation checklist
- Confirm the correct app registration was selected.
- Verify a new Single-page Application URI was added.
- Verify both Access tokens and ID tokens are unchecked.
- Save the configuration.
- Test sign-in for the application after the change.