Prerequisites
A Microsoft Azure AD Tenant where you have permission to create application registrations.
You must be able to log into the web app as an Administrator.
Setup
Log into the Azure Web Portal (Microsoft Azure).
Make sure you have the right Tenant selected:
Use the search bar at the top of the screen to find the App registrations section.
Select New registration.
Enter a suitable name for the application name.
Choose the supported account types option that best suits your needs. The default, Accounts in this organizational directory only, is generally acceptable unless you have multiple AD domains.
Obtain your Platform URL by logging into the web app, and copying the first two parts of the URL from your address bar. For example, your address bar may show:
https://www.url.com/eu1/#/notifications
This makes your platform URL:
https://www.url.com/eu1
Under Redirect URI:
Select the platform dropdown and select Web
Set the URL to [Platform URL]/ssoCallback
(e.g. https://www.url.com/eu1/ssoCallback)
Click the Register button.
Select Certificates & secrets from the left-hand menu, then the Client secrets tab, then New client secret:
The description is not important - enter a name of your choosing.
Set the Expires value in accordance with your cyber security policy.
Note: If you select a short period, you will need to set a reminder to generate a new secret and update your SSO settings before the existing one expires.
After the client secret is added, the portal will display a Value and a Secret ID. You do not need the Secret ID; the Value is the SSO secret, and you must take a note of it.
Important: The portal will only show the secret value once so you will need to make a note of it before browsing away from this page.
Select Overview from the left-hand menu:
Make a note of your Application (client) ID - this will be your "Client ID" field you will need in a later step.
Select Endpoints and make a note of your OpenID Connect metadata document URL.
Log into the web app as an Administrator.
Select Global Settings then the Change button next to Single Sign-On (SSO).
Check Enable Single Sign-On and enter the details you noted from the Azure portal:
OpenID Connect metadata URL: Enter the OpenID Connect metadata document URL you noted from Endpoints.
Client ID: Enter the Application (client) ID you noted from Overview.
Secret: Enter the secret Value you noted when creating the client secret (not the Secret ID).
After saving your settings you should now be able to create a new user with an SSO account.
It is recommended to create a new test account that matches an e-mail address that is attached to an account within your Azure users.
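A pre-flight check for the values collected in the steps above, as an added example that is not part of the original guide or the web app's own code. It derives the redirect URI from the address-bar URL and flags the common mistake of pasting the Secret ID instead of the secret Value. The function names are hypothetical. The checks assume that the Application (client) ID and Secret ID are GUIDs, that the secret Value is not, and that the metadata URL ends in /.well-known/openid-configuration.

```python
import re
from urllib.parse import urlsplit

# Assumption: Azure shows the Application (client) ID and Secret ID as GUIDs.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def platform_url(address_bar_url):
    """Keep scheme, host and first path segment (the 'first two parts')."""
    parts = urlsplit(address_bar_url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or not parts.netloc or not segments:
        raise ValueError("expected https://host/region/... from the address bar")
    return f"https://{parts.netloc}/{segments[0]}"

def redirect_uri(address_bar_url):
    """Redirect URI to register in Azure: [Platform URL]/ssoCallback."""
    return platform_url(address_bar_url) + "/ssoCallback"

def check_sso_settings(metadata_url, client_id, secret):
    """Return a list of problems in the three SSO values before saving them."""
    problems = []
    meta = urlsplit(metadata_url)
    if meta.scheme != "https" or not meta.path.endswith("/.well-known/openid-configuration"):
        problems.append("metadata URL is not an https OpenID Connect metadata document URL")
    if not GUID.match(client_id.strip()):
        problems.append("Client ID is not a GUID; copy Application (client) ID from Overview")
    if GUID.match(secret.strip()):
        problems.append("Secret looks like a GUID: this is the Secret ID, not the secret Value")
    if not secret or secret != secret.strip():
        problems.append("Secret is empty or has stray whitespace from copy and paste")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real credentials or tenant identifiers.
    print(redirect_uri("https://www.url.com/eu1/#/notifications"))
    print(check_sso_settings(
        "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
        "/v2.0/.well-known/openid-configuration",
        "11111111-2222-3333-4444-555555555555",
        "22222222-3333-4444-5555-666666666666",  # a Secret ID pasted by mistake
    ))
```
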