Integrate Azure Active Directory IdP
¶ Register an Application in Azure Active Directory
To enable users to log in to your applications with Azure AD accounts, you first need to register your application in the Microsoft Azure Portal.
Here is the official document with more details: Quickstart: Register an application with the Microsoft identity platform
You need to focus on the following settings during the registration process:
Supported account types: the kinds of accounts that can sign in to your application; choose the type that fits your use case. If you want accounts from other organizations to be able to use your application, choose Any Azure AD directory - Multitenant; if you only want users in your own organization to use it, choose Single tenant.
If you choose Single tenant, the following error will show up when users from other organizations try to log in with Azure AD.
Redirect URI: use https://core.authing.cn/connections/azure-ad/callback
After the creation is complete, Azure automatically generates a Client ID for this application. You can find it in the Overview tab; it will be used in the next step.
¶ Set Up a Client Secret
Here is the official document with more details: Quickstart: Configure a client application to access web APIs - Add Credentials to your web application.
Open the application in Azure, go to the Certificates & secrets tab, and click + New client secret.
Then choose the expiry time of the secret.
After that you can see that a secret has been generated; it will be used in the following steps.
¶ Add Permissions for Your Application's API
Here is the official document with more details: Quickstart: Configure a client application to access web APIs - Add permissions to access web APIs.
Make sure your application has the following permissions:
Users > User.Read: signed-in users can view their own profile.
Directory > Directory.Read.All: signed-in users can read information from the user directory.
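To make the settings above concrete, here is an added example (not code from Authing or Microsoft) that builds the authorization request Authing would send to the Microsoft identity platform with the registered redirect URI and the two Graph permissions, and then validates the callback. The client ID and tenant ID are placeholders, the callback URLs are constructed, and the real authority endpoint `https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize` is assumed; the choice between `organizations` and a specific tenant ID mirrors the Multitenant / Single tenant setting from the registration step.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Microsoft identity platform v2.0 authority (real endpoint).
AUTHORITY = "https://login.microsoftonline.com"
# The redirect URI this page tells you to register in Azure.
REDIRECT_URI = "https://core.authing.cn/connections/azure-ad/callback"
# Delegated Microsoft Graph permissions the page asks you to grant, plus the
# OpenID Connect scopes needed to get an ID token for the signed-in user.
SCOPES = ["openid", "profile", "User.Read", "Directory.Read.All"]


def tenant_segment(supported_account_types, tenant_id=None):
    """Map the 'Supported account types' choice to the authority path segment."""
    if supported_account_types == "multitenant":
        # "Any Azure AD directory - Multitenant": work/school accounts from any tenant
        return "organizations"
    if supported_account_types == "single":
        # "Single tenant": only your own directory; Azure rejects foreign-tenant users
        if not tenant_id:
            raise ValueError("a single-tenant app must be addressed by its tenant ID")
        return tenant_id
    raise ValueError(f"unknown account type: {supported_account_types!r}")


def build_authorize_url(client_id, supported_account_types, tenant_id=None, state=None):
    """Return (url, state) for the authorization-code request Authing would send."""
    state = state or secrets.token_urlsafe(16)  # CSRF token, checked on the callback
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": " ".join(SCOPES),
        "state": state,
    }
    tenant = tenant_segment(supported_account_types, tenant_id)
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect back from Azure and return the authorization code."""
    parsed = urlparse(callback_url)
    landed_on = f"{parsed.scheme}://{parsed.netloc}{parsed.path}"
    if landed_on != REDIRECT_URI:
        raise ValueError(f"callback landed on {landed_on}, not the registered redirect URI")
    query = parse_qs(parsed.query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:
        # Azure reports a consent or tenant failure here instead of a code, e.g. a
        # user from another tenant signing in to a single-tenant application.
        description = query.get("error_description", [""])[0]
        raise PermissionError(f"{query['error'][0]}: {description}")
    return query["code"][0]


if __name__ == "__main__":
    # Constructed placeholder client ID; use the value from your own Azure app registration.
    url, state = build_authorize_url("00000000-0000-0000-0000-000000000000", "multitenant")
    print(url)
    # Constructed callback in the shape Azure sends on success.
    print(parse_callback(f"{REDIRECT_URI}?code=constructed-code&state={state}", state))
```

Azure compares the `redirect_uri` parameter against the registered value exactly, which is why the callback check above refuses any other host or path; the `state` check is what ties a callback to the request that started it.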