Add and Configure the Vantagepoint Application
You must add and configure the Vantagepoint application in Azure AD.
To add and configure Vantagepoint in Azure AD:
-
Go to
https://portal.azure.com to launch the Azure portal.
If you are using Azure AD Government (GCC High), go to https://portal.azure.us. Contact Deltek Support for configuration information.
- Under the Manage Microsoft Entra ID tile, click View.
- On the Manage menu at the left, click App registrations.
- From the actions at the top of the menu on the App Registrations screen, select + New registration.
-
Perform the following actions on the Register an Application screen:
- In the Name field, enter: Deltek Vantagepoint.
- Under the Supported account types section, select Accounts in this organizational directory only.
-
Under Redirect URI (Optional), select
Web and enter your customer URL.
For the ABC Engineers company hosted in deltekfirst.com, enter https://abcengineers.deltekfirst.com/abcengineers/app.
Replace abcengineers with your customer URL.
For the Apple Bartlett company using an on-premises installation on webserver1 in the applebartlett.com domain, enter https://webserver1.applebartlett.com/vantagepoint/app.
Replace webserver1.applebartlett.com with your server’s FQDN or DNS name.
-
Click
Register to create and save the application.
The properties of the Deltek Vantagepoint application display.
-
Hover over the
Application (client) ID and click the clipboard icon to store the ID for future use.
You will enter this ID into the Server Client ID field in the Active Directory section of Settings > General > Options in Vantagepoint.
- On the Manage menu, select Certificates & Secrets.
-
On the Certificates and Secrets screen, click
+ New client secret and then complete these actions:
- In the Description field, enter: Deltek Vantagepoint Key
-
Under
Expires, Deltek recommends that you select
730 days (24 Months) or selct
Custom and set the expiration to another timeframe that suits your requirements.
This setting and recommendation is important. If you specify a shorter time period, you must schedule a reminder on your calendar to renew the secret at least one month prior to the expiration date or login errors will occur.
- Click Add to generate the secret value.
-
Click the clipboard icon to the right of the secret value to save the value for future use.
You will enter this value in the Secret Server Key field in the Active Directory section of Settings > General > Options in Vantagepoint.
- On the Manage menu, select Authentication.
-
On the Authentication screen, under Web Redirect URIs, complete the following actions.
Points to remember:
- Press TAB after you enter each URL.
- The URL entries are case-sensitive.
- Click Add URl.
-
Enter the OAuth authorization URL.
For the ABC Engineers company hosted in deltekfirst.com, enter https://abcengineers.deltekfirst.com/abcengineers/app/login/OAuth2AuthorizeReturn. Replace abcengineers with your customer URL.For the Apple Bartlett company using an on-premises installation on webserver1 in the applebartlett.com domain, enter https://webserver1.applebartlett.com/vantagepoint/app/login/OAuth2AuthorizeReturn. Replace webserver1.applebartlett.com with your server’s FQDN or DNS name.This URL must be what users use to launch Vantagepoint.If you already have Microsoft Entra ID SSO configured before you opt in to Use OpenID Connect SSO for Authentication in Settings > General > Opt-In, you must update your Redirect URIs in Azure to https://abcengineers.deltekfirst.com/abcengineers/login/OAuth2AuthorizeReturn for SSO to work successfully.
You can choose to opt in to this feature for the Vantagepoint 7.1 release. The ability to opt in is temporary and will be removed when the feature becomes automatically enabled for all Vantagepoint users in a future release. For more information, see Opt-In Feature Overview.
- If you are using Microsoft Entra ID for US Government (GCC High), you must add the URL that enables Vantagepoint to contact the correct Azure AD authentication endpoint through this link: https://login.microsoftonline.us. Contact Deltek Support for configuration information.
-
Enter the URL:
https://deltekvisionclient.
This is needed to launch the desktop application.
- Enter the URL: https://deltekvantagepointclient
-
If you use Mobile Time & Expense, or Mobile CRM, add the following URLs, clicking
Add URI to add the next entry:
- https://abcengineers.deltekfirst.com/abcengineers/touch/time/visionshared/backend/oauth2idtokenreturn.php
- https://abcengineers.deltekfirst.com/abcengineers/touch/time/visionshared/backend/oauth2idtokennativereturn.php
- https://abcengineers.deltekfirst.com/abcengineers/touch/crm/visionshared/backend/oauth2idtokenreturn.php
- https://abcengineers.deltekfirst.com/abcengineers/touch/crm/visionshared/backend/oauth2idtokennativereturn.php
Note the following:- Users must enter the exact URLs in supported browsers to access the application.
- On-premises users will replace the “https://abcengineers.deltekfirst.com/abcengineers” entries in each URL with the on-premises URL to launch Vantagepoint; for example: https://webserver1.applebartlett.com/vantagepoint.
- The italicized text for each URL listed is case-sensitive and must be entered in the exact upper/lower case as shown. You may encounter an error in Azure authentication if the italicized parts of the URLs are not entered correctly.
- In the Implicit grant and hybrid flows section, select ID tokens (used for implicit and hybrid flows).
- In the Supported account types section, select Accounts in this organizational directory only.
- In the Advanced Settings section, under Allow public client flows, set the Enable the following mobile and desktop flows option to No.
- Click Save at the bottom.
- On the Manage menu, select API permissions.
- On the API Permissions screen, click Grant admin consent for your domain by the Add a permission link, to make it available for end-users.
- Click Yes to grant consent for the requested permissions.
- Click the Next (right arrow) button at the top of the page to continue.