[sitename].enterprise.pozi.com forces the user to authenticate before proceeding to the Pozi site. These users will gain access to their organisation's private datasets.
Public users should continue to use
[sitename].pozi.com. They will not be prompted to authenticate, and they will have access to only public data.
The following settings are configured in the Pozi Config Manager, within the Site settings.
Azure Application Proxy Settings
When enabled, Pozi will attempt to authenticate the user when in 'enterprise' mode.
Due to a bug in the interface, it's not possible to tick this box directly using a mouse. Instead, place the cursor in the text box preceding the tickbox, press Tab to focus the cursor on the tickbox, then press Space to toggle the tickbox.
Application Proxy External URL
The externally accessible URL to access the Application Proxy.
This is defined in Enterprise Applications => Application Proxy => External Url
Application Proxy Internal URL
The internally only accessible URL to access the Pozi Server from within the client's network.
This is defined in Enterprise Applications => Application Proxy => Internal Url.
- North Burnett:
- Glen Eira:
- Swan Hill:
- Southern Grampians:
- Cardinia: (none)
- Northern Grampians:
Token based authentication is recommended and the default. Only use cookie based authentication as a fallback.
Client ID / Application ID
This is sometimes also called 'application id' and has the following structure:
The client id is defined in Enterprise Applications => Properties.
This has the following structure:
https://login.microsoftonline.com/<tenant id>, where tenant id looks like
The tenant id is defined in Azure Active Directory => Overview.
Scopes provide the possibility to request extra permissions. Make sure that the scopes are valid. Otherwise, the whole authentication process may fail.
Also, make sure to at least add a scope for user impersonation, which is a requirement for Application Proxy access (e.g.
Scopes are defined in App Registrations =>
<the pozi server app> => Expose an API.
Local Data Source
Pozi requires that the
PoziServerURL field points to a valid JSON endpoint that is behind the Azure App Proxy. If there is no URL configured or if it does not go through the Azure App Proxy, Pozi will not attempt to authenticate the user.
Guide client to configure:
- DNS redirection for
local.pozi.comto server on which Pozi Server has been installed as per normal
- Azure Application Proxy to point to https://local.pozi.com/
- ensure "Pre Authentication" is Azure Auth, not passthrough (refer Cardinia notes)
Afterthought: DNS redirection may not be required at all if the Azure App Proxy is just pointed directly to the server
When configured correctly, a request from a logged-in user to URL (for example)...
...should return the same response as a local request to...
Ensure it doesn't return a response to a non-logged-in or anonymous user.
Configure site with new resource check URL, and test accessing private datasets within Pozi app (ie, by adding as a layer) to check for any issues with CORS.
Ensure the user's browser's privacy settings allow third party cookies.