Support for multiple domains for your Liquit Workspace Server

With the latest release of Liquit Workspace it has become possible to support multiple domains for your Liquit Workspace. This feature is useful when your organization undergoes a name change or if you want multiple organizations to connect to the same zone while retaining branding per domain while still delivering applications from a single portal.

For this example we will add a new domain to an already configured Liquit Workspace environment with a Azure AD identity source used to authenticate users. To follow along you will need access to the following components:

  1. You user account should have an access policy with the privileges to create, modify and remove domains in Liquit Workspace.
  2. Your user account should have an access policy with the privileges to modify the existing Azure AD identity source.
  3. You should have access to the Azure App registration in the azure portal.
  4. You should have a valid certificate added to Liquit Workspace that can be used for the new domain or should have it configured so you can request an ACME certificate for your domain.

Getting started; set up your new domain

For this part I will assume you already set up the DNS record for your new domain, if you are unsure how you should set this up please contact your partner.

As is with any change on the configuration of your Liquit Workspace environment you can find the option to add a domain on the “Manage” tab. Under the “System” configuration options you will find the “Domains” option.

Tip: if you can’t find what you are looking for you can search by typing the functionality you are looking for.

After you have located the ‘Domains’ option you can open up the domains tab by clicking the text. In the next screen you have the option to add a new domain, you can do this by clicking the ‘Add’ button in the toolbar of the grid. You might also notice you cannot edit your default zone (indicated by the checked box in Default column).

After clicking on the ‘Add’ button a modal window will appear to ask you to name the zone and specify the virtual host you want the Workspace to be available on. On the ‘Certificate’ tab you can add your certificate directly, you can choose to use a certificate you have already uploaded to Liquit Workspace or make use of an ACME certificate. Currently only the “Let’s Encrypt” certificate provider is supported. It is required to at least enter one valid email address for validation.

Set up Azure AD to allow the new domain for Authentication

Now that we are all done with adding the new domain, we can configure the identity source to use the new domain. To facilitate this we need to navigate to the identity sources in Liquit Workspace, the identity sources can be accessed under the ‘Authentication’ section on the management tab. Of course you can always use the search function to find the Identity Sources if you have trouble finding the option.

When you have accessed the Identity Sources you can edit your identity source by selecting it and click ‘edit’ in the toolbar of the grid. Alternatively you can double click it and you will be also directed to the edit screen. Today we are configuring the Azure AD Identity Source, so you need to select an identity source with the type ‘Azure AD’ to follow along.

After selecting the identity source you need to navigate to the ‘Settings’ page, you can do this by using the lefthand menu.  We will be changing the ‘Use redirect uri’ option to make sure we can add a new endpoint to our Azure AD app registration. Change the the option to: “Federated configuration” and you are all set in the Liquit Workspace.

For the last bit of the configuration you need to open up the App registration in the Azure portal.  You can use the search in Azure to identify the app registration you need to edit. When you have the app registration opened up choose “Authentication” in the left hand menu. Here you will find the redirect URIs. Add your new virtual host and add it to the grid, please take note you need to suffix your domain with /api/auth/token/end for the configuration to work.

Customization per domain

 

Now the technical part is done it is time for the fun part, it is time to tailor the workspace per used domain. To do this navigate to “Contexts” under the “Authentication” in the management interface.

Create a new context by selecting the “Add” button in the grid toolbar. For this configuration we will be using a “filter” type context. Give the to be created context a easily identifiable name and optionally provide it with a description. After you have created the new context we are able to configure the filters. After opening the context navigate to the “Filters” page by using the left hand menu.

To create a new filter we first need to create a new filter set, you can do this by clicking the “Create filter set” button in the toolbar of the page.  On this new filter set we will create a new filter, you can do this by clicking on the “Create filter” button in the toolbar of the filter set. In the next dialog choose “Hostname”. Enter the new virtual host under the value and make sure the compare is set to “Equal”. When you are done you can click confirm, you can define any other filters you will need for this contexts, once your done don’t forget to click the “Save filters” button on the page toolbar.

 

You can now configure the Variables, Content Access, Agent Settings, Portal Settings, User Settings, Login Settings, Packages and Deployments for any user or device accessing the Workspace via your new domain. In this example I will set a new logo for the portal.

Choose “Portal Settings” in the left hand menu and click the zone icon behind the logo option. This icon indicates it is currently managed by the zone configuration, by overriding it you can set a different value for the context you are editing. Setting you have not overridden will inherit their value from the zone and are manageable via the global ‘Portal settings’ option in the management interface.

Use the “…” button on the logo selector select the file you will be using as a logo in the left hand corner. Once your done don’t forget to save and test out your customization. Access your workspace with the new domain, is something not working check your context by accessing the diagnostic page in the user portal.