An Azure AD federation should be set up as an OpenID Connect federation. SAML might be possible but is not the preferred configuration.
Step 1:
Create an App registration in Azure AD (tab App Registrations)
Step 2:
Configure the supported account types. The value should be “Only Account from this AD” (single tenant).
Reference (Azure AD): https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
Step 3:
Add a redirect URI to the App Registration. The redirect URI is the following, with our Okta domain substituted: https://<our-okta-domain>/oauth2/v1/authorize/callback
For Production: https://access.questback.com/oauth2/v1/authorize/callback
Step 4:
Add the Microsoft Graph “User.Read” permission to that App Registration. The value will be https://graph.microsoft.com/User.Read
Step 5:
Add optional claims to the manifest of the created App Registration in Azure AD. The family_name and the given_name claims have to be sent in the ID token.

```json
"optionalClaims": {
    "idToken": [
        { "name": "family_name", "essential": true },
        { "name": "given_name", "essential": true }
    ],
    "accessToken": [],
    "saml2Token": []
},
```
Step 6:
Create a client secret for that App Registration and make a note of it.
Step 7:
Make a note of the client ID (application ID) of that App Registration.
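To verify that an App Registration matches Steps 2 to 5 before handing the client ID and secret over to Okta, the following added pre-flight check (not part of this page or of any Azure or Okta tooling) reads an exported app-registration manifest and reports every deviation. It assumes the manifest key names used by the Azure portal's manifest export (`signInAudience`, `replyUrlsWithType` or `web.redirectUris`, `requiredResourceAccess`, `optionalClaims`) and the well-known Microsoft Graph resource ID and User.Read scope ID; the sample manifest embedded below is constructed for the example, with `example.okta.com` as a placeholder Okta domain.

```python
"""Pre-flight check for an Azure AD App Registration used as an Okta OIDC identity provider.

Added example: verifies single-tenant audience, the Okta callback redirect URI,
the Microsoft Graph User.Read delegated permission, and the family_name /
given_name optional claims in the ID token. Manifest key names assume the
Azure portal manifest export format.
"""
import json
import sys

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph resource app id
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # Graph delegated permission User.Read
REQUIRED_ID_TOKEN_CLAIMS = ("family_name", "given_name")

# Constructed sample manifest in the shape of a portal export (assumption, not a real export).
SAMPLE_MANIFEST = {
    "appId": "00000000-0000-0000-0000-000000000000",  # placeholder client ID
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [
        {"url": "https://example.okta.com/oauth2/v1/authorize/callback", "type": "Web"}
    ],
    "requiredResourceAccess": [
        {"resourceAppId": GRAPH_APP_ID,
         "resourceAccess": [{"id": USER_READ_SCOPE_ID, "type": "Scope"}]}
    ],
    "optionalClaims": {
        "idToken": [
            {"name": "family_name", "essential": True},
            {"name": "given_name", "essential": True},
        ],
        "accessToken": [],
        "saml2Token": [],
    },
}


def expected_redirect_uri(okta_domain):
    """Okta's OIDC IdP callback for the given Okta domain (Step 3)."""
    return f"https://{okta_domain}/oauth2/v1/authorize/callback"


def redirect_uris(manifest):
    """Collect redirect URIs from both the legacy and the newer manifest layout."""
    uris = {entry["url"] for entry in manifest.get("replyUrlsWithType", [])}
    uris.update(manifest.get("web", {}).get("redirectUris", []))
    return uris


def has_user_read(manifest):
    """True if Microsoft Graph User.Read is requested as a delegated (Scope) permission (Step 4)."""
    for resource in manifest.get("requiredResourceAccess", []):
        if resource.get("resourceAppId") != GRAPH_APP_ID:
            continue
        for access in resource.get("resourceAccess", []):
            if access.get("id") == USER_READ_SCOPE_ID and access.get("type") == "Scope":
                return True
    return False


def check_manifest(manifest, okta_domain):
    """Return a list of human-readable findings; an empty list means the registration matches."""
    findings = []
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not AzureADMyOrg (single tenant, Step 2)")
    uris = redirect_uris(manifest)
    wanted = expected_redirect_uri(okta_domain)
    if wanted not in uris:
        findings.append(f"redirect URI {wanted} is missing (Step 3)")
    # Any non-HTTPS callback would let an ID token be delivered over a cleartext channel.
    for uri in sorted(uris):
        if not uri.startswith("https://"):
            findings.append(f"redirect URI {uri} is not HTTPS")
    if not has_user_read(manifest):
        findings.append("Microsoft Graph User.Read delegated permission is missing (Step 4)")
    id_token_claims = (manifest.get("optionalClaims") or {}).get("idToken") or []
    present = {claim.get("name") for claim in id_token_claims}
    for name in REQUIRED_ID_TOKEN_CLAIMS:
        if name not in present:
            findings.append(f"optional claim {name} is missing from idToken (Step 5)")
    return findings


if __name__ == "__main__":
    # Usage: python check_app_registration.py <okta-domain> [manifest.json]
    domain = sys.argv[1] if len(sys.argv) > 1 else "example.okta.com"
    if len(sys.argv) > 2:
        with open(sys.argv[2], encoding="utf-8") as fh:
            manifest = json.load(fh)
    else:
        manifest = SAMPLE_MANIFEST
    problems = check_manifest(manifest, domain)
    print("OK" if not problems else "\n".join(problems))
    sys.exit(1 if problems else 0)
```

Run it against a manifest downloaded from the App Registration's Manifest blade, passing the Okta domain that will consume the registration; a non-zero exit with the listed findings means one of the steps above was skipped or misconfigured.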