Configuring Azure AD identity provider
For Azure AD, two applications are needed: one for group synchronization and one for the identity provider. These are the steps for the identity provider:
- To enable login with a Microsoft Azure AD account, you first have to register an OAuth application on Azure. Log in to the Azure Portal.
- Open the `Azure Active Directory` service.
- On the left tab, under the Manage section, click `App Registrations`.
- Click on `New registration`. Enter `saap` as the name. Under the `Redirect URI` section, choose `Web`, enter the Redirect URI that will be provided by Stakater Support, and click `Register`.
- Go to `API permissions` and add the required Microsoft Graph API permissions. Typically, you need these permissions:
  - `User.Read`
  - `openid`
  - `profile`
  - `email`
- Click on the newly created app `saap`. Click `Certificates & secrets` from the left tab. Click `New client secret`. Under `Expires`, pick any option. Under `Description`, enter `saap oidc` and click `Add`.
- Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `saap` app registration from the `Overview` tab. Send these to Stakater Support.

Items provided by Stakater Support

- Redirect URIs

Items to be provided to Stakater Support

Please provide the secrets via password manager:

- Application (client) ID
- Directory (tenant) ID
- Client secret
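
A pre-hand-off sanity check for the values listed above, as an added example (not Stakater's or Microsoft's code). It catches the common mix-up of copying the secret's `Secret ID` instead of its value, and derives the tenant's OpenID Connect metadata URL. The function names, the sample values, and the use of the v2.0 endpoint are assumptions.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)

# Constructed sample values; the redirect URI host is a placeholder.
SAMPLE = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "tenant_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed~Secret.Value_0123456789",
    "redirect_uri": "https://idp.example.com/callback",
}


def check_handoff(client_id, tenant_id, client_secret, redirect_uri):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    if not GUID.match(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not GUID.match(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    if GUID.match(client_id) and client_id.lower() == tenant_id.lower():
        problems.append("client ID and tenant ID are identical")
    # The portal lists a "Secret ID" (a GUID) beside the secret's value.
    # Only the value authenticates the app, and it is shown only once.
    if GUID.match(client_secret):
        problems.append("client secret looks like the Secret ID, not the value")
    elif not client_secret or client_secret != client_secret.strip():
        problems.append("client secret is empty or has surrounding whitespace")
    uri = urlparse(redirect_uri)
    if uri.scheme != "https" or not uri.netloc:
        problems.append("redirect URI must be an absolute https URL")
    if uri.fragment:
        problems.append("redirect URI must not contain a fragment")
    return problems


def oidc_discovery_url(tenant_id):
    """Tenant-specific OpenID Connect metadata document (v2.0 endpoint)."""
    base = "https://login.microsoftonline.com"
    return f"{base}/{tenant_id}/v2.0/.well-known/openid-configuration"


if __name__ == "__main__":
    for problem in check_handoff(**SAMPLE) or ["no problems found"]:
        print(problem)
    print(oidc_discovery_url(SAMPLE["tenant_id"]))
```

Run it locally and keep the real secret out of shell history and logs; the values themselves still go to Stakater Support through the password manager.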