LocalGovApi service
The LocalGovApi service searches for properties that will be used to create property cases with BFE (Bestemt Fast Ejendom) numbers in WorkZone.
Multitenant app registration
The LocalGovApi and KleUpdate services require access to WorkZone OData. To enable the access, you need to create an app registration for each service. Follow these steps for each service:
-
Follow steps 1 and 2 in Set up third-party integrations in Azure.
-
Give your application a meaningful name as it will be linked to a system user in WorkZone (See step 7).
-
Make sure to note the Directory (Tenant) Id, Application (Client) ID and Client Secret from the previous step.
-
Go to Entra ID > App Registration and select your app.
-
Click the app name/link next to Managed Application in local directory.
-
Copy the Object ID (Enterprise Application Object ID) and note it down for later use.
-
Update the WorkZone users in the database with the corresponding Object ID using the following command:
update users set oid='{Object ID}' where user_name =' FKCLAIMSADM';
Adding secrets
You need to create secrets using the values that you noted down in step 3 of the Multitenant app registration registration process. The secrets must be assigned to a predefined secret key. Below is the mapping of secret keys to their corresponding required values:
| Secret key | Secret value owner |
|---|---|
|
WORKZONE-AZURESYS-TENANTID |
The Directory (Tenant) ID corresponding to the LocalGovApi service, see Multitenant app registration (step 3). |
|
WORKZONE-AZURE-SYS-FKCLAIMSADM-CLIENTID |
The Application (Client) ID for the LocalGovApi service, see Multitenant app registration (step 3). |
|
WORKZONE-AZURE-SYS-FKCLAIMSADM-CLIENTSECRET |
The Client Secret for the LocalGovApi service, see Multitenant app registration (step 3). |
Customer specific secrets (azure-aks-key-vault)
The KleUpdate service requires access to external services for synchronizing facets and classifications. The necessary access information is customer-specific and must be provided by the customer. The customer needs to provide a Client ID and a Client Secret to access STS-Bridge system. Client ID and Client Secret must be assigned to the following predefined secret keys:
-
WORKZONE-KOMSERVICE-STSBRIDGE-CLIENTID
-
WORKZONE-KOMSERVICE-STSBRIDGE-CLIENTSECRET
Environment variables and Helm chart variables
The table below lists the variables and corresponding values that specific to the LocalGovApi service.
| Variable | Test value |
Production value |
|---|---|---|
|
jwksUrl |
https://identity.kmd.dk/adfs/discovery/keys |
https://identity.kmd.dk/adfs/discovery/keys |
|
authority |
https://identity.kmd.dk/adfs/services/trust |
https://identity.kmd.dk/adfs/services/trust |
|
applicationIdentifier |
microsoft:identityserver: 6a6018a3-6982-4756-a92e-e699ca846b72 |
microsoft:identityserver:52c3b477-fb3d-493d-9401-5a0b5d71e05a |
Configure lookup of BFE (Bestemt Fast Ejendom)
To use BFE property lookup, you must provide a certificate along with its corresponding password that will grant access to the Datafordeler services. You configure BFE lookup in WorkZone Configurator.
-
In WorkZone Configurator, go to Services > Contact synchronization > BFE.
-
Upload the certificate and enter the password.
See BFE.
Required endpoint access
The following endpoints must be accessible on deployment environment to access external services:
-
https://identity.kmd.dk/adfs/discovery/keys
-
https://identity.kmd.dk/adfs/services/trust
-
https://identity.kmd.dk/adfs/oauth2/token
-
https://kmd-stsbridge-prod2-webapp.azurewebsites.net - (Production Environment)
-
https://kmd-stsbridge-test1-webapp.azurewebsites.net - (Test Environment)
-
https://certservices.datafordeler.dk
-
https://api.dataforsyningen.dk