Blog

Versions

User Guide

Contact Us
+31 (0)70 31 84 404
support@h5mag.com
@H5mag

Access Control using Microsoft Entra

If you’re using H5mag Enterprise, you can enable the Microsoft Entra Access module (formerly Microsoft 365 / SharePoint Access). This module allows you to restrict access to your editions so they can only be read by authorised users.

Access is managed through your Microsoft Entra ID environment (previously known as Azure Active Directory), which securely integrates with your organisation’s Microsoft 365 and SharePoint environment.

Steps to take

Follow the steps below to add the Microsoft Entra Access Module. You need to have administrative privileges within your Microsoft 365 environment. If you do not have those yourself, ask your IT administrator.

  1. Go to https://portal.azure.com/ and log in
  2. Open the ‘Microsoft Entra ID’ tab
  3. Open the ‘App registrations’ tab
  4. Click ‘Endpoints’ in the top bar
  5. Copy the value of the ‘OAUTH 2.0 AUTHORIZATION ENDPOINT’ into the H5mag setting ‘Authority URL’
  6. Go back to the ‘App registrations’
  7. Click ‘New application registration’ in the top bar
  8. Enter a name (e.g. ‘H5mag Access Control’)
  9. Select ‘Web app / API’ as Application Type
  10. Use https://account.h5mag.com/auth/check-magazine-access as the sign-on URL
  11. Open the app settings
  12. Copy the Application ID into the H5mag setting ‘Client Application ID’
  13. Open the ‘Keys’ tab (click ‘All settings’ if needed)
  14. Create a new key using ‘H5mag Token’ as the name and a valid expire duration
  15. Click ‘Save’ and copy the ‘Value’ of the newly added password into the H5mag setting ‘Client Secret’
  16. Save the Services page in H5mag

By default, the reader will need to press a ‘Grant Permission’ button the first time they sign in. If you want your readers to skip this step (recommended for maximum readership), you can grant H5mag access to read the names of all users in Microsoft Entra without confirmation, by selecting ‘Required Permissions’ and using the ‘Grant Permissions’ option in Azure.

Only allow a group of users to read the publication

By default, editions are available to all users of Microsoft Entra who authenticate successfully. You can restrict access to the editions to a specific set of users.

Via ‘Enterprise Application’ > ‘Users and Groups’ you can assign users who can access the publication. First enable the setting ‘User assignment required’, which defaults to No.

Microsoft has detailed the steps for user assignment in their documentation: How to: Restrict your app to a set of users

Linking Security Groups to Tags

You can link Microsoft Entra security groups to tags in your H5mag project. This step is optional but useful if you want to control access to specific editions.

Each tag can include one or more Entra groups. When someone signs in, H5mag checks their group memberships and gives access to editions with matching tags.

Add these links in the Security tags / Microsoft Entra groups (JSON) field in your project settings. Each entry lists a tag name and the corresponding group IDs or names from your Entra environment.

[
  {
    "tag": "Finance",
    "allowed-groups": [
      {
        "guid": "00000000-1111-2222-3333-444444444444",
        "ms-group-name": "Example_EntraGroup_Finance"
      }
    ]
  }
]

In this example, users in the “Example_EntraGroup_Finance” group automatically get access to all editions tagged Finance in H5mag.

If you don’t link any groups, all authorised Entra users can access the editions in the project.

Personal Data in Microsoft Authentication

H5mag does not store or process any personally identifiable information (PII) such as names or email addresses. During authentication, Microsoft Entra confirms that the user is authorised. H5mag only uses this confirmation to verify access rights and does not log or retain any user details.

This approach aligns with GDPR principles by ensuring that only the minimum necessary data is processed.

Last modified: