Azure AD Single Sign-On Configuration Guide

Important: This guide will help you configure Azure AD for Single Sign-On with your domain.

Step 1: Azure AD App Registration

1. Go to Azure Portal

2. Navigate to "Azure Active Directory" > "App registrations"

3. Click "New registration"

4. Enter the following details:

Name: Your Domain SSO App
Supported account types: Accounts in this organizational directory only
Redirect URI: https://yourdomain.com/approot/sharecode

Step 2: Configure Authentication

1. In your app registration, go to "Authentication"

2. Add the following redirect URIs:

Redirect URIs: https://yourdomain.com/approot/sharecode

3. Enable "Access tokens" and "ID tokens"

Step 3: API Permissions

1. Go to "API permissions"

2. Click "Add a permission"

3. Select "Microsoft Graph"

4. Add the following permissions:

  • User.Read
  • User.ReadBasic.All

Step 4: Client Credentials

1. Go to "Certificates & secrets"

2. Create a new client secret

3. Copy the following values to your SSO configuration:

Application (client) ID: [Copy from Azure Portal]
Directory (tenant) ID: [Copy from Azure Portal]
Client Secret: [Copy from Azure Portal]

Step 5: SAML Configuration

1. Go to "Single sign-on" in your app registration

2. Select "SAML" as the sign-on method

3. Configure the following settings:

Identifier (Entity ID): https://yourdomain.com/api
Reply URL: https://yourdomain.com/api/sso/acs
Sign on URL: https://yourdomain.com/login

Step 6: Download Federation Metadata

1. In the SAML configuration, click "Download" next to "Federation Metadata XML"

2. Save this file for your SSO configuration

3. Upload this metadata file in your SSO configuration form

Configuration Summary

Once you have completed all steps, enter the following information in your SSO configuration:

Note: Replace "yourdomain.com" with your actual domain name throughout this guide. The placeholders above will be automatically replaced with your actual domain when you view this guide in the application.

Azure AD OAuth2 Single Sign-On Configuration Guide

Step 1: Azure AD App Registration

1. Go to Azure Portal

2. Navigate to "Azure Active Directory" > "App registrations"

3. Click "New registration"

4. Enter the following details:

Name: Your Domain OAuth2 App
Supported account types: Accounts in this organizational directory only
Redirect URI: https://yourdomain.com/api/sso/oauth2/callback

Step 2: Configure Authentication

1. In your app registration, go to "Authentication"

2. Add the following redirect URIs:

Redirect URIs: https://yourdomain.com/api/sso/oauth2/callback

3. Enable "Access tokens" and "ID tokens"

4. Set "Front-channel logout URL" to: https://yourdomain.com/api/sso/logout

Step 3: API Permissions

1. Go to "API permissions"

2. Click "Add a permission"

3. Select "Microsoft Graph"

4. Add the following permissions:

  • User.Read
  • User.ReadBasic.All
  • openid
  • profile
  • email

Step 4: Client Credentials

1. Go to "Certificates & secrets"

2. Create a new client secret

3. Copy the following values to your SSO configuration:

Application (client) ID: [Copy from Azure Portal]
Directory (tenant) ID: [Copy from Azure Portal]
Client Secret: [Copy from Azure Portal]

Step 5: OAuth2 Endpoints

1. Go to "Overview" in your app registration

2. Note the following endpoints:

OAuth 2.0 authorization endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/authorize
OAuth 2.0 token endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/token
OpenID Connect metadata document: https://login.microsoftonline.com/[tenant-id]/v2.0/.well-known/openid-configuration
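The following is an added example, not code from this guide or from the application it describes: a Python sketch of the server side of the OAuth2 authorization-code flow with PKCE against the v2.0 endpoints noted in Step 5, using the redirect URI from Step 2, the scopes from Step 3 and the client credentials from Step 4. The tenant ID, client ID and ID token claims used as inputs are placeholders. It builds the authorize URL, checks the state parameter on the callback, prepares the token request and checks the ID token claims; verifying the token signature against the jwks_uri published in the metadata document must happen before the claim check and is left out here. Because it uses response_type=code, tokens are obtained only from the token endpoint and never travel back through the browser redirect.

```python
# Added example (not part of the guide): authorization-code flow with PKCE
# against the Azure AD v2.0 endpoints from Step 5, with the checks the SP
# must make on the callback and on the ID token claims. Stdlib only, offline.
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SCOPES = "openid profile email User.Read"   # permissions added in Step 3


def endpoints(tenant_id):
    """Tenant-specific v2.0 endpoints, as listed on the app's Overview page."""
    base = f"https://login.microsoftonline.com/{tenant_id}"
    return {
        "authorize": f"{base}/oauth2/v2.0/authorize",
        "token": f"{base}/oauth2/v2.0/token",
        "metadata": f"{base}/v2.0/.well-known/openid-configuration",
        "issuer": f"{base}/v2.0",   # 'iss' claim expected in v2.0 ID tokens
    }


def new_pkce_pair():
    """Code verifier (kept server-side in the session) and its S256 challenge."""
    verifier = secrets.token_urlsafe(64)            # 86 chars, within 43..128
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def build_authorize_url(tenant_id, client_id, redirect_uri, state, nonce, challenge):
    """response_type=code: no token is returned via the browser-visible redirect."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,   # must equal the URI registered in Step 2
        "response_mode": "query",
        "scope": SCOPES,
        "state": state,                 # binds the callback to this session
        "nonce": nonce,                 # echoed in the ID token, checked below
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return endpoints(tenant_id)["authorize"] + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Extract the code; reject state mismatches (CSRF) and error responses."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in qs:
        raise ValueError("authorization failed: " + qs["error"][0])
    code = qs.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request_body(client_id, client_secret, code, redirect_uri, verifier):
    """Form body POSTed to the token endpoint; the secret never leaves the server."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,     # value from Step 4
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": verifier,
        "scope": SCOPES,
    }


def validate_id_token_claims(claims, tenant_id, client_id, nonce, now=None):
    """Claim checks for an ID token whose signature has ALREADY been verified
    against the jwks_uri from the metadata document. Returns (oid, username)."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") != endpoints(tenant_id)["issuer"]:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != client_id:
        raise ValueError("token was not issued for this client")
    if claims.get("tid") != tenant_id:
        raise ValueError("token comes from another tenant")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch (possible replay)")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if int(claims.get("nbf", 0)) > now:
        raise ValueError("token not yet valid")
    # 'oid' is the stable user identifier; 'preferred_username' can change.
    return claims["oid"], claims.get("preferred_username")


if __name__ == "__main__":
    # Constructed placeholder values; real ones come from the Azure portal.
    tenant, client = "11111111-2222-3333-4444-555555555555", "client-id-placeholder"
    redirect = "https://yourdomain.com/api/sso/oauth2/callback"
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    verifier, challenge = new_pkce_pair()
    print(build_authorize_url(tenant, client, redirect, state, nonce, challenge))
```

Run it directly to print a constructed authorize URL. In a real login handler, store state, nonce and the PKCE verifier in the server-side session before redirecting, then on the callback call parse_callback, POST token_request_body to the token endpoint, verify the returned ID token's signature, and only then call validate_id_token_claims and use the returned oid as the account key.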

Configuration Summary

Once you have completed all steps, enter the following information in your SSO configuration:

Note: Replace "yourdomain.com" with your actual domain name and "[tenant-id]" with your Azure AD tenant ID throughout this guide. The placeholders above will be automatically replaced with your actual domain when you view this guide in the application.