Moxie permissions support Microsoft Entra ID (formerly Azure Active Directory). This allows you to manage your Moxie user permissions from a cloud-based environment.  Moxie will support the use of MFA as long as you use Microsoft Entra ID and have Microsoft Entra ID configured for MFA. 

You must set up Microsoft Entra ID to register Moxie as an application in order for Moxie to use Microsoft Entra ID.  Once you have completed this task, you will have to run the Omnivex Moxie Data Server Config (MDSC) application on the Data Server computer and select Azure Active Directory as your new permission method. 

Note: Before attempting to use AAD as your authentication method, ensure that you have registered Moxie with AAD.

Prerequisites:

• Microsoft Entra ID P1 or P2 license
• Privileged Role Administrator or Global Administrator

Setting up Microsoft Entra ID:

Roles & Groups:

1. Go to Azure Portal > Microsoft Entra ID > Roles and Administrators > Create a new custom role
2. Name it (e.g: Azure Group Read All)
3. Search microsoft.directory/groups/memberOf/read > Addit > Next.
4. Click Create.
5. Go back to Microsoft Entra ID > Groups > New group
6. Fill in the following fields:
   1. Group type: Security
   2. Group name: Data Server Admins
   3. Group description: Data Server Admins for Moxie
   4. Microsoft Entra roles can be assigned to the group: Yes
   5. Owners: Assign an owner
   6. Members: Assign members that you want to have access to the Moxie Data Server Admins group
   7. Roles: Azure Group Read All

App Registration:

1. Go to App registrations > New registration
2. Name: Omnivex Moxie
3. Supported account types: Accounts in this organizational directory only
4. Assign an owner
5. Click Authentication>Add a platform
6. Click Mobile and desktop applications
7. Select all of the URLs > Custom redirect URLs: https://localhost > Click Configure

API Permissions:

1. Click API permissions > Add a permission
2. Click Microsoft Graph
3. Click on Delegated permissions > Add Directory.AccessAsUser.All > Click Add Permissions
4. Click Grant admin consent for your org

Configuring Moxie:

1. Go to App registrations > Omnivex Moxie > Note down the Application (client) ID & Directory (tenant) ID
2. Run the Omnivex Moxie Data Server Configuration (MDSC application)
3. Click Use Permissions
4. Select Authorization type: Azure Active Directory
5. Fill in the Application (client) ID and Directory (tenant) ID with the values in Step 1 above
6. Click Test Connection
7. Sign in with the email that is in the Data Server Admin Group
8. You should receive a notice in the MDSC to say "Your Azure Active Directory settings have been successfully verified"

Assigning users to the Moxie App:

1. Open Moxie Studio
2. Login with the account in the Data Server Admins group
3. Click on Permissions Manager under Modules
4. Click on a module (e.g. Player Manager)
5. Click Add Groups at the top left of the ribbon
6. From the Add Groups dialog, click Select Groups
7. Search for a group to whom you want to grant the permission
8. Click Find Now
9. Click Ok