Azure AD
Setup
Setting up the Azure AD integration requires the configuration of an Azure App registration. See Azure App registration configuration.
| Field Name | Description |
|---|---|
| Issuer | The OpenID Connect issuer URL of the Azure App: the OpenID metadata endpoint without its trailing /.well-known/openid-configuration path. |
| Client ID | The Application (client) ID of the Azure App. |
| Secret | The value (not the Secret ID) of a client secret created for the Azure App. |
Before the configuration can be saved, the Issuer must be validated by pressing the Test button. Once validation succeeds and the configuration has been saved, the sync section becomes available.
- Sync all users - Syncs all available users along with all the groups associated with those users.
- Sync users from specific groups - Syncs only the users that are members of the selected groups.
- The sync selection can be changed and saved at any time; saving it starts a sync automatically.
Azure App registration configuration
The following is only a partial Azure AD reference for configuring an App registration through the Microsoft Azure Portal. The portal screens shown in the images below may have changed since this page was written.
- Create a new App Registration.
- Once you’ve registered your application, make a note of the Application (client) ID and of the OpenID Connect metadata document URL; you can find the latter by clicking Endpoints at the top of the application overview. The Application (client) ID goes into the Client ID parameter of the Identity Provider in the Trustgrid Portal. The metadata URL goes into the Issuer parameter, minus everything from /.well-known onwards, so it should look like https://login.microsoftonline.com/<tenant_id>/v2.0. The ID in that path is the Directory (tenant) ID of your Azure AD tenant, not the Application (client) ID, so the Issuer and Client ID values you enter must not contain the same ID.
- Configure Authentication for the Azure app.
- Add a platform of type “Web”, enter the redirect URI and logout URL from the table below, and tick both the Access tokens and ID tokens checkboxes (found under Implicit grant and hybrid flows).
| Field Name | Description |
|---|---|
| Trustgrid Redirect URL | https://id.trustgrid.io/auth/openid/callback |
| Trustgrid Logout URL | https://id.trustgrid.io/logout |
- Under Certificates & secrets, create a client secret; any of the offered expiration periods is accepted. Copy the secret’s “Value” (not the Secret ID) as soon as it is created, since it is displayed only once; this is what goes into the Secret parameter of the Identity Provider in the Trustgrid Portal. When the secret expires, logins and user sync through this Identity Provider stop working, so record the expiry date and rotate the secret, updating the Trustgrid configuration with the new value, before then.
- Once you’ve created the client secret, navigate to “Token Configuration” and add the “email” optional claim, so that the user’s email address is included in the tokens issued to Trustgrid.
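The following script is an added example, not Trustgrid’s or Microsoft’s code, that performs offline the kind of sanity checks worth running on the three Identity Provider fields before pressing Test: it derives the Issuer value from the metadata document URL shown on the Endpoints blade, checks that the ID in the Issuer path is a tenant GUID rather than the Application (client) ID, and checks a discovery document for the endpoints, the id_token response type and the email claim the steps above rely on. The tenant ID, client ID and the trimmed discovery document are placeholders constructed for the example; what the Trustgrid Test button actually validates is not documented on this page, so the check list is an assumption. `fetch_discovery` is the only function that goes online and is not exercised by the sample.

```python
import json
import re
import urllib.request
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

# Placeholder identifiers (assumptions for the example, not real Azure IDs).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
# The "OpenID Connect metadata document" URL as the Endpoints blade shows it.
METADATA_URL = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0{WELL_KNOWN}"

# Constructed, trimmed-down discovery document in the shape the Azure AD v2.0
# tenant-specific endpoint serves. Only the keys checked below are included.
SAMPLE_DOC = {
    "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token",
    "end_session_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/logout",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "claims_supported": ["sub", "iss", "aud", "exp", "iat", "name", "preferred_username", "email"],
}


def issuer_from_metadata_url(metadata_url: str) -> str:
    """Issuer field value: the metadata URL with /.well-known/openid-configuration removed."""
    url = metadata_url.strip().rstrip("/")
    if url.endswith(WELL_KNOWN):
        url = url[: -len(WELL_KNOWN)]
    if urlparse(url).scheme != "https":
        raise ValueError("Issuer must be an https URL")
    return url


def tenant_id_from_issuer(issuer: str) -> str:
    """First path segment of an Azure v2.0 issuer (https://login.microsoftonline.com/<tenant_id>/v2.0)."""
    parts = urlparse(issuer).path.strip("/").split("/")
    return parts[0] if parts else ""


def check_config(issuer: str, client_id: str, doc: dict) -> list[str]:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    tenant = tenant_id_from_issuer(issuer)
    if not GUID.match(tenant):
        # "common" / "organizations" issuers serve a templated issuer value that
        # never equals the configured Issuer, so a tenant-specific URL is needed.
        problems.append(f"Issuer path segment {tenant!r} is not a tenant GUID")
    if tenant.lower() == client_id.lower():
        problems.append("Issuer contains the Application (client) ID; it must contain the Directory (tenant) ID")
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "end_session_endpoint", "jwks_uri"):
        if key not in doc:
            problems.append(f"discovery document is missing {key}")
    if doc.get("issuer") != issuer:
        problems.append(f"discovery issuer {doc.get('issuer')!r} does not match configured {issuer!r}")
    if "id_token" not in doc.get("response_types_supported", []):
        problems.append("id_token response type is not advertised; check the ID tokens checkbox")
    if "email" not in doc.get("claims_supported", []):
        problems.append("email claim is not advertised; add it under Token configuration")
    return problems


def fetch_discovery(issuer: str, timeout: float = 10) -> dict:
    """Online variant: download the real discovery document for a configured Issuer."""
    with urllib.request.urlopen(issuer + WELL_KNOWN, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    issuer = issuer_from_metadata_url(METADATA_URL)
    for line in check_config(issuer, CLIENT_ID, SAMPLE_DOC) or ["configuration looks consistent"]:
        print(line)
```

To run it against a real tenant, replace `SAMPLE_DOC` with `fetch_discovery(issuer)` and the placeholder IDs with the values from the portal; a non-empty result lists exactly which of the steps above was skipped or mixed up.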