How do I set up SSO with Microsoft Azure?

This guide details the steps required to configure Microsoft Azure so that your users can log in using their Microsoft account.

Updated this week

Prerequisites

  1. A Microsoft Azure AD Tenant where you have permission to create application registrations.

  2. You must be able to log into the web app as an Administrator.

Setup

  1. Log into the Azure Web Portal (Microsoft Azure).

  2. Make sure you have the right Tenant selected:

    1. Look at the top right of the screen and the Tenant name is displayed under your email address (shown in red below).

    2. If the wrong one is selected click your profile picture and select Switch directory.

  3. Use the search bar at the top of the screen to find the App registrations section.

  4. Select New registration.

  5. Enter a suitable name for the application name.

  6. Choose the supported account types that best suit your needs. The default Accounts in this organizational directory only is generally acceptable unless you have multiple AD domains.

  7. Under Redirect URI:

    1. Select the platform dropdown and select Web

    2. Set the URL to:
      https://[Your server's external IP]:9443/ssoCallback

      (e.g. https://www.mycompany.com:9443/ssoCallback)

      You should also change the 9443 port number to reflect your server's external web server port if you've remapped it!

      How do I find out my server's external IP?

  8. Click the Register button.

  9. Select Certificates & secrets from the left-hand menu (under the Manage sub menu).

  10. On the Client secrets tab select the New client secret button:

    1. The description is not important - enter a name of your choosing

    2. Set the Expires in accordance with your cybersecurity policy.
      Note: If you select a short period, you will need to set a reminder to generate a new secret and update your SSO settings before the existing one expires.

  11. After the application is added the portal will display a Value and Secret ID. You do not need to use the Secret ID but the Value will be the SSO secret and you must take a note of this.
    Important: The portal will only show the secret value once so you will need to make a note of it before browsing away from this page.

  12. Select Overview from the left-hand menu:

    1. Make a note of your Application (client) ID - this will be your "Client ID" field you will need in a later step.

    2. Select Endpoints and make a note of your OpenID Connect metadata document URL.

  13. Log in to EdgeVis Server, and from the home page, select All server settings -> User Settings -> Single sign-on. This will take you to the settings pages for SSO - click the Edit the single sign-on settings for the server button.

  14. Check Enable single sign-on.

  15. Using the settings you saved earlier, enter the following:

    1. Open ID Connect Configuration Url: Enter the OpenID Connect metadata document URL you saved in Step 12b.

    2. Open ID Connect Client ID: Enter the Application (client) ID you saved in Step 12a.

    3. Open ID Connect Client Secret: Enter the secret Value you saved in Step 11 (not the Secret ID).

  16. Once you have entered all three settings, you should hit the test link to confirm you have entered the correct settings:

  17. If the test is successful, click Submit to save your settings - your server is now ready for single sign-on users!
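
A pre-flight check for the three values entered in step 15 and the redirect URI from step 7, as an added example that is not part of the original guide or of EdgeVis Server. It assumes Azure's usual formats: the Application (client) ID and the Secret ID are GUIDs, the secret Value is not, and the metadata URL ends in /.well-known/openid-configuration. The function names and sample values are constructed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
WELL_KNOWN = "/.well-known/openid-configuration"


def _split(url):
    try:
        return urlsplit(url.strip())
    except ValueError:  # malformed URL: treat as empty so the checks below fail
        return urlsplit("")


def check_sso_settings(config_url, client_id, client_secret, redirect_uri):
    """Return a list of problems found; an empty list means the values look sane."""
    problems = []
    # Metadata document URL from Endpoints (step 12): HTTPS, discovery path.
    cfg = _split(config_url)
    if cfg.scheme != "https" or not cfg.path.endswith(WELL_KNOWN):
        problems.append("config_url: not an https OpenID Connect metadata document URL")
    # Application (client) ID from Overview (step 12): a GUID.
    if not GUID.match(client_id.strip()):
        problems.append("client_id: not a GUID; expected the Application (client) ID")
    # Step 11: the secret is the Value. A GUID here means the Secret ID was pasted.
    secret = client_secret.strip()
    if not secret:
        problems.append("client_secret: empty")
    elif GUID.match(secret):
        problems.append("client_secret: looks like the Secret ID; use the secret Value")
    # Step 7: the redirect URI registered in Azure is https://<host>:<port>/ssoCallback.
    uri = _split(redirect_uri)
    if uri.scheme != "https" or not uri.hostname or uri.path != "/ssoCallback":
        problems.append("redirect_uri: expected https://<host>:<port>/ssoCallback")
    return problems


if __name__ == "__main__":
    # Constructed sample values (not real identifiers).
    tenant = "11111111-2222-3333-4444-555555555555"
    found = check_sso_settings(
        f"https://login.microsoftonline.com/{tenant}/v2.0{WELL_KNOWN}",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "99999999-8888-7777-6666-555555555555",  # Secret ID pasted by mistake
        "https://www.mycompany.com:9443/ssoCallback",
    )
    print("\n".join(found) or "settings look consistent")
```
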

Next steps

You can now:
