Configuration


An Azure AD federation should be set up as an OpenID Connect federation. SAML might be possible but is not the preferred configuration.

Step 1:

  1. Create an App registration in Azure AD (tab App Registrations).

Step 2:

  1. Configure Supported Account types. The value should be “Only Account from this AD” (single tenant).

    1. Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

Step 3:

  1. Add a redirect URI to the App Registration. The redirect URI is the following, with <our-okta-domain> replaced by our Okta domain:
     https://<our-okta-domain>access.questback.com/oauth2/v1/authorize/callback

    1. For Production: https://access.questback.com/oauth2/v1/authorize/callback

Step 4:

  1. Add the permission “User.Read” to that App Registration.

    1. The value will be https://graph.microsoft.com/User.Read

Step 5:

  1. Add optional claims to the manifest of the created App Registration in Azure AD. The family_name and given_name claims have to be sent in the ID token.

The optionalClaims section of the manifest should look like this (accessToken and saml2Token belong inside optionalClaims, next to idToken):

    "optionalClaims": {
        "idToken": [
            {
                "name": "family_name",
                "essential": true
            },
            {
                "name": "given_name",
                "essential": true
            }
        ],
        "accessToken": [],
        "saml2Token": []
    },

Step 6:

Create a secret for that App Registration and remember it.

Step 7:

Remember the client ID of that App Registration.
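As an added check (not part of the original guide), the following Python script verifies an exported App Registration manifest against Steps 2 to 5: single tenant, the exact Okta callback URI registered as a Web redirect, delegated User.Read on Microsoft Graph, and both optional ID token claims. It assumes the manifest JSON export format (signInAudience, replyUrlsWithType, requiredResourceAccess, optionalClaims) and uses the published Microsoft Graph resource and User.Read identifiers, which are not on this page; the sample manifest is constructed and deliberately has a trailing slash on the redirect URI and a missing claim.

```python
import json

# Published Microsoft Graph identifiers (well-known values, not taken from the guide).
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
REQUIRED_ID_TOKEN_CLAIMS = {"family_name", "given_name"}


def check_manifest(manifest: dict, expected_redirect: str) -> list:
    """Return a list of findings; an empty list means the manifest matches the guide."""
    findings = []
    # Step 2: single tenant ("Only accounts in this organizational directory").
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not AzureADMyOrg (app is not single tenant)")
    # Step 3: Azure AD matches redirect URIs exactly, so compare the full string.
    urls = {r.get("url") for r in manifest.get("replyUrlsWithType", []) if r.get("type") == "Web"}
    if expected_redirect not in urls:
        findings.append(f"redirect URI {expected_redirect} is not registered")
    # Step 4: delegated (Scope) User.Read on Microsoft Graph.
    has_user_read = any(
        res.get("resourceAppId") == GRAPH_APP_ID
        and any(a.get("id") == USER_READ_SCOPE_ID and a.get("type") == "Scope"
                for a in res.get("resourceAccess", []))
        for res in manifest.get("requiredResourceAccess", [])
    )
    if not has_user_read:
        findings.append("delegated permission User.Read on Microsoft Graph is missing")
    # Step 5: family_name and given_name must be emitted in the ID token.
    id_claims = {c.get("name") for c in manifest.get("optionalClaims", {}).get("idToken", [])}
    for claim in sorted(REQUIRED_ID_TOKEN_CLAIMS - id_claims):
        findings.append(f"optional ID token claim {claim} is missing")
    return findings


# Constructed sample manifest: trailing slash on the redirect URI, given_name claim missing.
SAMPLE_MANIFEST = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "replyUrlsWithType": [{"url": "https://access.questback.com/oauth2/v1/authorize/callback/", "type": "Web"}],
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
      "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}],
  "optionalClaims": {"idToken": [{"name": "family_name", "essential": true}], "accessToken": [], "saml2Token": []}
}""")

if __name__ == "__main__":
    for finding in check_manifest(SAMPLE_MANIFEST, "https://access.questback.com/oauth2/v1/authorize/callback"):
        print("FINDING:", finding)
```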