Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

Version 1 Next »

An Azure AD Federation should be setup as OpenID Connect federation. SAML might be possible but is not the preferred configuration.

The following are tips for clients how to configure an Azure AD instance. This is just an experience report. The following will always be part of the clients infrastructure and we will not configure anything in there.

Azure AD Configuration:

Step 1: Create an App registration in Azure AD (tab App Registrations)

Step 2: Configure Supported Account types

The value should be “Only Account from this AD” (single tenant)

Also see https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

Step 3: Add a redirect URI to the App Registration

The redirect URI will be the following with a replacement for our okta domain: https://<our-okta-domain>/oauth2/v1/authorize/callback

For Production: https://access.questback.com/oauth2/v1/authorize/callback

Step 4: Add permission for “UserRead” to that App Registration

The value will be https://graph.microsoft.com/User.Read

Step 5: Add optional claims to the manifest of the created App Registration in Azure AD.

The family_name and the given_name have to be sent.

 "optionalClaims": {
    "idToken": [
        {
            "name": "family_name",
            "essential": true
        },
        {
            "name": "given_name",
            "essential": true
        }
    ]
},
"accessToken": [],
"saml2Token": []
  • No labels

© 2024 Tivian XI GmbH