/
Integrations
You may want to integrate with Microsoft Azure Active Directory (AD) if:
- you want to let users (such as employees in your company) into your application from an Azure AD controlled by you or your organization.
- you want to let users coming from other companies' Azure ADs into your application. (You may want to set up those external directories as different connections.)
Steps
To connect OBS ERP to Microsoft Azure AD, you must:
- Set up OBS EPR in the Microsoft Azure portal.
- Create an enterprise connection in OBS ERP.
- Test the connection.
Microsoft Azure Account
Before proceeding, you will need a valid Microsoft Azure account and must have your own Microsoft Azure AD directory for which you are a Global administrator.
If you don't have a Microsoft Azure account, you can sign up for free; then, if necessary, set up an Azure AD directory by following Microsoft's Quickstart: Create a new tenant in Azure Active Directory - Create a new tenant for your organization.
Alternatively, if you have an Office 365 account, you can use the account's Azure AD instance instead of creating a new one. To access your Office 365 account's Azure AD instance:
- Sign in to Office 365, and navigate to the Office 365 Admin Center.
- Open the Admin centers menu drawer located in the left menu, and click on Azure AD.
Set up your app in the Microsoft Azure portal
To allow users to log in using a Microsoft Azure Active Directory account, you must register your application in the Microsoft Azure portal.
Register a new application
To learn how to register your application with Azure AD, follow Microsoft's Quickstart: Register an application with the Microsoft identity platform doc.
While setting up your app, make sure you use the following settings:
- If you want to allow users from external organizations (like other Azure AD directories), then when asked to choose Supported account types, choose the appropriate multitenant option. Multitenant options include the following: Accounts in any organizational directory (Any Azure AD directory - Multitenant).
- When asked to set a Redirect URI, enter your callback URL:
https://{instance}.obs2go.com/oauth/oauth.
Create a client secret
To learn how to create a client secret, follow Microsoft's Quickstart: Configure a client application to access web APIs - Add Credentials to your web application. You want to generate a Client secret. Once generated, make note of this value.
Add permissions
To learn how to add permissions, follow Microsoft's Quickstart: Configure a client application to access web APIs - Add permissions to access web APIs. You want to configure permissions for the Microsoft Graph API.
While setting up your permissions, make sure you use the following settings:
- When asked for a permission type, choose Delegated permissions. Under User, select User.Read so your app can sign in users and read the signed-in user's profile. Under Directory, select Directory.Read.All so your app can read directory data on the signed-in user's behalf.
Token configuration
Make sure the following claims are on the list:
API Permissions:
The following permissions shall be on the list:
Expose API:
Make sure you have similar configuration:
Authorized client applications:
Scope:
Create an enterprise connection in OBS ERP
| MS Azure SSO Variables | ||
| Description | Key | Value |
| MS Azure Resource | AzureResource | {resource} e.g. api://2d4170c2-09ef-4532-9266-4ea9ec46c9bf |
| MS Azure Directory Tenant ID | AzureTenantID | {tenant} e.g. ab00192f-94a1-4f17-bc3a-062b03ae3c43 |
| Token URL in MS Azure | AzureTokenURL | https://login.microsoftonline.com/{tenant}/oauth2/token |
| Authorization URL in MS Azure | AzureAuthURL | https://login.microsoftonline.com/{tenant}/oauth2/authorize |
| Application ID in MS Azure | AzureClientID | {application_id} e.g. 2d4170c2-09ef-4532-9266-4ea9ec46c9bf |
| MS Azure Client Secret | AzureClientSecret | {secret} e.g. QlpXFFeqy5x-l5z1uNgbZInSEfn_oBf= |
Description of the variables:
| Parameter | Required/optional | Description |
|---|---|---|
| tenant | required | The {tenant} value in the path of the request can be used to control who can sign into the application. The allowed values arecommon, organizations,consumers, and tenant identifiers. For more detail, see protocol basics. |
| client_id | required | The Application (client) ID that the Azure portal – App registrations page assigned to your app. |
| grant_type | required | Must be authorization_code for the authorization code flow. |
| scope | required | A space-separated list of scopes. The scopes requested in this leg must be equivalent to or a subset of the scopes requested in the first leg. The scopes must all be from a single resource, along with OIDC scopes (profile, openid, email). For a more detailed explanation of scopes, refer to permissions, consent, and scopes. |
| code | required | The authorization_code that you acquired in the first leg of the flow. |
| redirect_uri | required | The same redirect_uri value that was used to acquire the authorization_code. |
| client_secret | required for web apps | The application secret that you created in the app registration portal for your app. You shouldn't use the application secret in a native app because client_secrets can't be reliably stored on devices. It's required for web apps and web APIs, which have the ability to store the client_secret securely on the server side. The client secret must be URL-encoded before being sent. |
As a result the login page of your OBS ERP instance will include the Microsoft Sign-in button
SMS
After obtaining a Twilio account, you need to set up some values in the "Settings" module (Administration -> Settings -> Preferences)
| Twilio phone number | twilio_phone | +19712594902 |
| Twilio API User | twilio_user | AC30b75a8111fa8fd09c1b |
| Twilio SMS Provider API URL | twilio_api_url | https://api.twilio.com/2010-04-01/Accounts/__sid__/Messages.json |
| Twilio SMS Provider Authentication token | twilio_auth_token | 0e80edc2b2003179fc46 |
Then you can use the SMS provider to notify customers for overdue payments or other custom notifications.
- Projects
- Issues
- Time Tracking
- OBS ERP Settings
| GitLAB Repository | gitlab_repo | https://gitlab.yourdomain.com |
| GitLAB User | gitlab_user | user@yourdomain.com |
| GitLAB password | gitlab_pass | 0e80edc2b2003179fc46 |
- The email addresses of the users in GitLab are used as unique identifiers and they must be configured.
Data synchronization on a regular basis
- You may setup a regular task in the main scheduler of OBS ERP, e.g. run every day function "IssuePostRequest" with parameter:
This job will update the existing or insert new projects, tasks and tracked time.
- Import transactions history
- Import account balance
- Counterparties - get information and create a new counterparty
- Transfers - creates a transfer
1. Create public and private keys as described in the official Revolut API documentation
2. Create a new API Connection in Revolut as shown below:
2.1 Open "Connect"
2.2 Add a certifacte - the contents of your public key. PLease note the redirect link. You need to replace "instance" with the name of your OBS ERP instance.
2.3 Note the Client ID
2.4 Add configuration in OBS ERP -> Administration -> Settings ( https://INSTANCE.obs2go.com/modules/settings/all )
2.5 Attach your private key to setting (revolut_private_key)
2.6 Go back to Revolut and enable the API Access.
3. Get in touch with OBS ERP representative for special use cases
You can use this feature in module "Companies" -> Edit Company -> Menu -> VAT EU Check
You would need an API key in order to use the google maps integration in OBS ERP.
After obtaining an API KEY, you need to set it up in "Settings" module (Administration -> Settings -> Preferences)
Variable: google_maps_api_key