An Azure AD federation should be set up as an OpenID Connect federation. SAML might be possible but is not the preferred configuration.
...
Step 1:
Create an App registration in Azure AD (tab App Registrations)
Step 2:
Configure the supported account types. The value should be “Only Account from this AD” (single tenant).
See the Azure AD documentation on single-tenant and multi-tenant apps: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
Step 3:
Add a redirect URI to the App Registration. The redirect URI is the following, with our Okta domain substituted: https://<our-okta-domain>/oauth2/v1/authorize/callback
For Production: https://access.questback.com/oauth2/v1/authorize/callback
Step 4:
Add the “User.Read” Microsoft Graph permission to that App Registration. The value will be https://graph.microsoft.com/User.Read
Step 5:
Add optional claims to the manifest of the created App Registration in Azure AD. The family_name and given_name claims have to be sent in the ID token, so the manifest's optionalClaims section should look like this (accessToken and saml2Token stay empty inside the same object):

```json
"optionalClaims": {
    "idToken": [
        {
            "name": "family_name",
            "essential": true
        },
        {
            "name": "given_name",
            "essential": true
        }
    ],
    "accessToken": [],
    "saml2Token": []
}
```
Step 6:
Create a client secret for that App Registration and note its value.
Step 7:
Note the client ID of that App Registration.
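As an added example (not part of the original page or of any Okta/Azure tooling), the following Python function audits an exported App Registration manifest against steps 2 to 5: single tenant, only the Okta callback as redirect URI, only the delegated User.Read Graph permission, and both name claims marked essential in the ID token. The Microsoft Graph application id and the User.Read permission id are the well-known Microsoft values and are assumed here; the sample manifest is constructed.

```python
import re

# Well-known Microsoft values assumed here (not taken from the page):
# the Microsoft Graph application id and the delegated User.Read permission id.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
USER_READ = (GRAPH_APP_ID, USER_READ_SCOPE_ID, "Scope")
REQUIRED_ID_TOKEN_CLAIMS = {"family_name", "given_name"}
OKTA_CALLBACK = re.compile(r"^https://[^/]+/oauth2/v1/authorize/callback$")


def audit_manifest(manifest: dict) -> list:
    """Return findings for steps 2-5; an empty list means the manifest matches."""
    findings = []
    # Step 2: single tenant only.
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not AzureADMyOrg (single tenant)")
    # Step 3: only the Okta callback, over https, is allowed as a redirect URI.
    urls = [r.get("url", "") for r in manifest.get("replyUrlsWithType", [])]
    if not any(OKTA_CALLBACK.match(u) for u in urls):
        findings.append("no https://<okta-domain>/oauth2/v1/authorize/callback redirect URI")
    findings += [f"unexpected redirect URI: {u}" for u in urls if not OKTA_CALLBACK.match(u)]
    # Step 4: exactly the delegated User.Read permission on Microsoft Graph.
    granted = {(r.get("resourceAppId"), a.get("id"), a.get("type"))
               for r in manifest.get("requiredResourceAccess", [])
               for a in r.get("resourceAccess", [])}
    if USER_READ not in granted:
        findings.append("Microsoft Graph User.Read delegated permission not requested")
    findings += [f"permission beyond User.Read requested: {p}"
                 for p in sorted(granted - {USER_READ}, key=str)]
    # Step 5: family_name and given_name must be essential idToken claims.
    essential = {c.get("name") for c in manifest.get("optionalClaims", {}).get("idToken", [])
                 if c.get("essential")}
    findings += [f"optional claim {c} missing or not essential in idToken"
                 for c in sorted(REQUIRED_ID_TOKEN_CLAIMS - essential)]
    return findings


# Constructed sample manifest fragment reflecting the settings the steps above call for.
SAMPLE_MANIFEST = {
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [{"url": "https://access.questback.com/oauth2/v1/authorize/callback",
                           "type": "Web"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
                                "resourceAccess": [{"id": USER_READ_SCOPE_ID, "type": "Scope"}]}],
    "optionalClaims": {"idToken": [{"name": "family_name", "essential": True},
                                   {"name": "given_name", "essential": True}],
                       "accessToken": [], "saml2Token": []},
}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST) or "manifest matches the federation steps")
```

Run it against the JSON exported from the App Registration's Manifest blade (after `json.load`) to confirm the registration before handing the client ID and secret to Okta.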