
An Azure AD federation should be set up as an OpenID Connect federation. SAML might be possible but is not the preferred configuration.

Azure AD Configuration:

Step 1: Create an App Registration in Azure AD (tab App Registrations)

Step 2: Configure Supported Account types

The value should be “Only Account from this AD” (single tenant).

Also see https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

Step 3: Add a redirect URI to the App Registration

The redirect URI is the following, with <our-okta-domain> replaced by our Okta domain: https://<our-okta-domain>/oauth2/v1/authorize/callback

For Production: https://access.questback.com/oauth2/v1/authorize/callback

Step 4: Add the “User.Read” permission to that App Registration

The value will be https://graph.microsoft.com/User.Read

Step 5: Add optional claims to the manifest of the created App Registration in Azure AD.

The family_name and given_name claims must be sent.

  "optionalClaims": {
      "idToken": [
          {
              "name": "family_name",
              "essential": true
          },
          {
              "name": "given_name",
              "essential": true
          }
      ],
      "accessToken": [],
      "saml2Token": []
  },

Step 6: Create a secret for that App Registration and remember it

Step 7: Remember the client ID of that App Registration
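To check that tokens issued by this App Registration actually match the configuration above (single tenant, our client ID, and the essential family_name/given_name claims from Step 5), here is an added Python example; it is not part of the original page and the tenant ID, client ID and sample claims are constructed placeholders. It assumes the token signature has already been verified against the tenant's JWKS and only inspects the decoded claims.

```python
import time

# Constructed placeholders; the real values come from the App Registration (Step 7).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REQUIRED_CLAIMS = ("family_name", "given_name")  # essential optional claims (Step 5)


def expected_issuers(tenant_id):
    # Azure AD v1.0 and v2.0 endpoints use different issuer formats for the same tenant.
    return {
        f"https://sts.windows.net/{tenant_id}/",
        f"https://login.microsoftonline.com/{tenant_id}/v2.0",
    }


def check_id_token_claims(claims, tenant_id=TENANT_ID, client_id=CLIENT_ID, now=None):
    """Return a list of problems found in the decoded ID token claims (empty = OK).

    Signature verification is assumed to have happened already; this checks that the
    token is for our single tenant and our app and carries the claims the federation needs.
    """
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") not in expected_issuers(tenant_id):
        problems.append(f"issuer {claims.get('iss')!r} does not belong to our tenant")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match our tenant (token from another tenant?)")
    aud = claims.get("aud")
    if aud != client_id and aud != [client_id]:
        problems.append("aud is not our App Registration's client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append(f"essential claim {name!r} missing (check optionalClaims in the manifest)")
    return problems


# Constructed sample claims: one acceptable token, one missing given_name.
GOOD_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0", "tid": TENANT_ID,
    "aud": CLIENT_ID, "exp": 2_000_000_000, "family_name": "Doe", "given_name": "Jane",
}
BAD_CLAIMS = {**GOOD_CLAIMS, "given_name": "", "tid": "22222222-2222-2222-2222-222222222222"}

if __name__ == "__main__":
    print(check_id_token_claims(GOOD_CLAIMS, now=1_700_000_000))  # prints []
    print(check_id_token_claims(BAD_CLAIMS, now=1_700_000_000))
```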
