
Configuration

An Azure AD federation should be set up as an OpenID Connect federation. SAML might be possible but is not the preferred configuration.

Step 1:

Create an App Registration in Azure AD (App Registrations tab).

Step 2:

Configure the supported account types. The value should be “Only Account from this AD” (single tenant).

Step 3:

Add a redirect URI to the App Registration. The redirect URI is the following, with <our-okta-domain> replaced by our Okta domain: https://<our-okta-domain>/oauth2/v1/authorize/callback

For Production: https://access.questback.com/oauth2/v1/authorize/callback

Step 4:

Add the “User.Read” permission to that App Registration. The value will be https://graph.microsoft.com/User.Read

Step 5:

Add optional claims to the manifest of the App Registration created in Azure AD. The family_name and given_name claims have to be sent.

 "optionalClaims": {
    "idToken": [
        {
            "name": "family_name",
            "essential": true
        },
        {
            "name": "given_name",
            "essential": true
        }
    ],
    "accessToken": [],
    "saml2Token": []
 },

Step 6:

Create a client secret for that App Registration and keep a note of it.

Step 7:

Note the client ID of that App Registration.
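As an added check for the steps above (example code, not part of this page or of Okta/Azure AD), the following script verifies that an exported App Registration manifest carries the two essential optional claims and the single-tenant audience, and that an id_token issued by the federation actually contains family_name and given_name with the expected issuer and audience. The tenant and client IDs are placeholders, the issuer format assumes v2.0 tokens, and the mapping of “Only Account from this AD” to signInAudience AzureADMyOrg is an assumption about the manifest.

```python
import base64
import json

# Placeholders: the real tenant and client IDs come from the App Registration.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"  # assumes v2.0 issuer format
REQUIRED_CLAIMS = ("family_name", "given_name")

def check_manifest(manifest: dict) -> list:
    """Return problems with the App Registration manifest; an empty list means OK."""
    problems = []
    id_claims = {c.get("name"): c for c in (manifest.get("optionalClaims") or {}).get("idToken", [])}
    for name in REQUIRED_CLAIMS:
        if name not in id_claims:
            problems.append(f"optionalClaims.idToken is missing {name}")
        elif id_claims[name].get("essential") is not True:
            problems.append(f"optionalClaims.idToken claim {name} is not marked essential")
    # Assumption: "Only accounts from this AD" is signInAudience AzureADMyOrg in the manifest.
    if manifest.get("signInAudience") != "AzureADMyOrg":
        problems.append("signInAudience is not single tenant (AzureADMyOrg)")
    return problems

def _b64url_json(segment: str) -> dict:
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_id_token(id_token: str) -> list:
    """Check iss, aud and the essential name claims in an id_token payload.
    Only the payload is inspected; signature validation is left to the OIDC client."""
    payload = _b64url_json(id_token.split(".")[1])
    problems = []
    if payload.get("iss") != ISSUER:
        problems.append("iss does not belong to our tenant")
    if payload.get("aud") != CLIENT_ID:
        problems.append("aud is not our client ID")
    for name in REQUIRED_CLAIMS:
        if not payload.get(name):
            problems.append(f"id_token is missing essential claim {name}")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned id_token (empty signature) for offline testing."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."
```

Run check_manifest against the manifest JSON downloaded from the portal and check_id_token against an id_token captured from a test login; any non-empty list points at a step above that was not applied.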
