Versions Compared

Version Old Version 4 New Version Current
Changes made by

Dennis Mergemann (Unlicensed)

Dennis Mergemann (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Decision report
cqlspace = currentSpace()

English | Deutsch

An Azure AD Federation should be setup as OpenID Connect federation. SAML might be possible but is not the preferred configuration.

The following are tips for clients how to configure an Azure AD instance. This is just an experience report. The following will always be part of the clients infrastructure and we will not configure anything in there.

Azure AD Configuration:

...

  1. Create an App registration in Azure AD (tab App Registrations)

...

  1. Configure Supported Account types

...

  1. . The value should be “Only Account from this AD” (single tenant).

...

    1. Azure AD: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

...

  1. Add a redirect URI to the App Registration

...

  1. . The redirect URI will be the following

...

  1. : https://

...

  1. access.questback.com/oauth2/v1/authorize/callback

    1. For Production: https://access.questback.com/oauth2/v1/authorize/callback

...

  1. Add permission for “UserRead” to that App Registration.

    1. The value will be https://graph.microsoft.com/User.Read

...

  1. Add optional claims to the manifest of the created App Registration in Azure AD.

...

  1. The family_name and the given_name have to be sent.

  2. Create a secret for that App Registration and remember it.

  3. Remember the client ID of that App Registration.

Code Block
 "optionalClaims": {
    "idToken": [
        {
            "name": "family_name",
            "essential": true
        },
        {
            "name": "given_name",
            "essential": true
        }
    ]
},
"accessToken": [],
"saml2Token": []

...

Step 6: Create a secret for that App Registration and remember it

...