Airgentic Help
This checklist covers every step required to get a secure Airgentic service up and running. Each task is marked with who performs it — Customer or Airgentic — so nothing falls through the cracks.
SharePoint Online users: Before starting this checklist, complete the SharePoint Prerequisites Checklist first. You need to set up your callback page in SharePoint before you can register the redirect URI in your identity provider.
These steps register Airgentic as an application in your identity provider so your users can sign in. See Registering Airgentic in your Identity Provider for detailed instructions.
| Task | Who | |
|---|---|---|
| ☐ | Create a new App Registration in your identity provider (e.g. Microsoft Entra ID) - Name: Airgentic (or something similar) - Supported account types: Single tenant only - Default Directory - Platform: Web (not Single-page application) - Add the callback URL as a redirect URI (e.g. https://intranet.yourorg.gov.au/callback). Note that this exact URL must be configured in the Airgentic console as a Redirect URI. |
Customer |
| ☐ | Create a Client Secret in Certificates & secrets (note the secret value — it is only shown once) | Customer |
| ☐ | Note the Application (client) ID, Directory (tenant) ID, and Client Secret value | Customer |
| ☐ | If access will depend on groups, make sure Entra includes the user’s group memberships in the token it sends back during login. Go to Token configuration, click Add Groups Claim, and configure the groups claim. | Customer |
| ☐ | Send the following to Airgentic: - Application (client) ID - Directory (tenant) ID - Client Secret - Redirect URI(s) - Allowed origin(s) - Authorisation preference (email domain / specific emails / groups) |
Customer |
Airgentic completes these steps after receiving your details. No action is required from the customer.
| Task | Who | |
|---|---|---|
| ☐ | Enable secure mode for the service | Airgentic |
| ☐ | Configure allowed origins (your site URLs plus Airgentic system URLs) | Airgentic |
| ☐ | Add the OIDC configuration (issuer URL, client ID, client secret, redirect URIs, scopes) | Airgentic |
| ☐ | Configure authorisation rules (email domain, individual emails, or group membership) | Airgentic |
| ☐ | Configure secure document image serving if documents contain sensitive content (the admin console will do this automatically) | Airgentic |
| ☐ | Deploy the configuration | Airgentic |
| ☐ | Provide the embed code (account ID, service ID, and authentication attributes) to the customer | Airgentic |
See Adding the Secure Widget to Your Site for detailed instructions.
| Task | Who | |
|---|---|---|
| ☐ | Add the Airgentic script tag with data-auth-mode="oidc" and data-auth-redirect-uri to your page |
Customer |
| ☐ | Ensure the callback page (the data-auth-redirect-uri URL) also includes the Airgentic script tag |
Customer |
| ☐ | Confirm the data-auth-redirect-uri exactly matches the redirect URI registered in your identity provider |
Customer |
| Task | Who | |
|---|---|---|
| ☐ | Airgentic tests with an Airgentic account to verify the service configuration | Airgentic |
| ☐ | Open the page in a browser and confirm the widget redirects to your organisation's sign-in page | Customer |
| ☐ | Sign in with an authorised account and confirm the widget loads and responds | Customer |
| ☐ | Test with an unauthorised account (e.g. a personal email) and confirm it is rejected | Customer |
| ☐ | (If using groups) Test with a user in the required group and one outside it | Customer |
| ☐ | Report any issues to Airgentic | Customer |
| ☐ | Resolve any configuration issues identified during testing | Airgentic |
| ☐ | Confirm everything is working as expected | Customer |
If you're hosting the widget on SharePoint Online and have completed the SharePoint Prerequisites Checklist, complete these final steps after Airgentic provides your Account ID and Service ID.
| Task | Who | |
|---|---|---|
| ☐ | Configure the Airgentic web part on your callback page with the Account ID, Service ID, and Redirect URI | Customer |
| ☐ | Add the Airgentic web part to other SharePoint pages where you want the widget, using the same Redirect URI (your callback page URL) | Customer |
| ☐ | Test the widget on a SharePoint page | Customer |
| ☐ | (If applicable) Test in Microsoft Teams or Viva Connections if users access the intranet through them | Customer |
| Task | Who | |
|---|---|---|
| ☐ | Remove any temporary test accounts from the authorisation rules (if applicable) | Airgentic |
| ☐ | Confirm the service is ready for production use | Both |
Need help at any point? See Contacting Airgentic.