Microsoft SSO
This guide describes the following topics required to configure Microsoft SSO.
- Registering Your Application in Azure AD
- Creating a Secret for Authentication
- Assigning API Permissions
- Implementation and Testing
Registering Your Application in Azure AD
This section describes how to establish your application as a recognized entity in Azure AD to facilitate secure interactions.
- Using an administrative account, log into the Azure AD portal.
- In the navigation pane on the left, select App registrations.
- At the top of the page, click New Registration.
- Enter a descriptive name that helps identify the application within your organization.
- In the Supported Account Types section, select one of the following options.
- Single Tenant: limits access to users within the organization.
- Multitenant: allows users from any Azure AD directory to access the application.
- From the Select A Platform drop-down menu, select Web.
- Next to the Select A Platform menu, specify a URI to which Azure AD will send authentication responses.
- Click Register.
- Make note of the Application ID for future reference.
Creating a Secret for Authentication
This section describes how to generate a secret key that your application uses to authenticate itself with Azure AD.
- In the Azure AD portal, navigate to Manage > Certificates & Secrets.
- On the Client Secret tab, click New Client Secret. The Add a Client Secret window displays.
- Provide a meaningful description for the secret, i.e. "Production Key 2024".
- Select an option from the Expires drop-down menu.
- Note the value displayed on the Client Secrets tab.
Assigning API Permissions
This section describes how to specify which resources your application can access and which actions it can perform in Azure AD.
- In the Azure AD Portal, navigate to Manage > API Permissions.
- Click Add a Permission.
- Select an API and click Delegated Permissions.
- Add permissions as needed.
Warning
These permissions must align with the functionality your application requires.
- To apply these permissions across all users in your directory, click Grant admin consent for [your directory]".
- Click Yes.
Implementation and Testing
The section describes how to integrate and verify that SSO via Azure AD is functioning correctly in your application.
- In your application authentication settings, input the Application (Client) ID and the Client Secret.
- Configure the authentication library or framework you are using (such as Microsoft's Identity platform libraries) to interact with Azure AD using these credentials.
- Implement a login feature where users are redirected to Azure AD for authentication.
- Verify that after successful authentication, Azure AD redirects users back to your application's specified redirect URI.
Note
Your application should handle this response to authenticate the user internally.
- After implementation, monitor the integration closely for any performance issues or errors.
- Review logs and user feedback to identify and troubleshoot any potential problems in the SSO process.