Using Azure Active Directory as Identity Provider


Configuring Azure Active Directory

Hint - example configuration

The following example shows the configuration for SEALCC and DPF Tracker.

  1. Log on to the Azure portal and open Azure Active Directory.

  2. In App registrations, select New registration to create a new app.

    Azure Active Directory App registration

  3. Select a display name for the app and register it.

  4. In Authentication, select Add a platform and add a Web platform.

    Azure Active Directory add web app

  5. Add the redirect URIs with the complete path and query parameters, e.g.

    • for SEALCC:

      https://127.0.0.1:9126/cgi-bin/sealcc/sealcc?function=oauthLogin&package=sealcc%3A%3Aplugins%3A%3Alogin&lastfunction=oauthlogin
      
    • for DPF Tracker:

      https://127.0.0.1:9126/cgi-bin/dpftracker?login=1
      
  6. In Certificates & secrets, create a new client secret.

    Azure Active Directory add secret

  7. In Token configuration, add the groups claim to the ID token.

    Azure Active Directory groups claim

  8. In API permissions, add the openid permission.

    Azure Active Directory API permissions

  9. In Expose an API, add a scope.


  10. In Manifest, check the value of accessTokenAcceptedVersion. It has to be 2.


  11. In Overview, find a list of all necessary endpoint URIs.


  12. Configure your SEAL Systems applications with the corresponding endpoints and the created scope.

    • in the given example:

      api://ff5e9507-350d-41df-afd2-7d2a561a9060/sealcc

  13. Repeat the steps for any other client you wish to configure.

    For a list of currently available clients, see SEAL Clients.
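
To confirm that the registration from steps 7, 9 and 10 produces the expected tokens, the claims of a test token can be inspected. The following script is an added example, not part of the SEAL Systems documentation; its function names are hypothetical, the sample tokens are constructed, and it assumes the client ID equals the GUID in the example scope URI of step 12. It decodes the payload without verifying the signature, so it is a diagnostic aid only.

```python
import base64
import json

def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_id_token(claims: dict, client_id: str) -> list:
    """Return problems in an ID token that point back to the registration and step 7."""
    problems = []
    if claims.get("aud") != client_id:
        problems.append("aud is not this app's client ID")
    if "groups" not in claims:
        if "groups" in claims.get("_claim_names", {}):
            problems.append("groups overage: too many groups to embed in the token")
        else:
            problems.append("no groups claim: check Token configuration (step 7)")
    return problems

def check_access_token(claims: dict, client_id: str, scope: str) -> list:
    """Return problems in an access token that point back to steps 9 and 10."""
    problems = []
    if claims.get("ver") != "2.0":
        problems.append("ver is not 2.0: check accessTokenAcceptedVersion (step 10)")
    if claims.get("aud") != client_id:
        problems.append("aud is not this app's client ID")
    if scope not in claims.get("scp", "").split():
        problems.append(f"scope {scope!r} missing from scp (step 9)")
    return problems

def make_sample_jwt(claims: dict) -> str:
    """Build an unsigned, constructed sample token for offline testing."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

# Constructed sample data; client ID assumed from the scope URI in step 12.
CLIENT_ID = "ff5e9507-350d-41df-afd2-7d2a561a9060"
GOOD_ID = make_sample_jwt({"aud": CLIENT_ID, "groups": ["00000000-0000-0000-0000-000000000001"]})
OVERAGE_ID = make_sample_jwt({"aud": CLIENT_ID, "_claim_names": {"groups": "src1"}})
V1_ACCESS = make_sample_jwt({"ver": "1.0", "aud": "api://" + CLIENT_ID, "scp": "sealcc"})

if __name__ == "__main__":
    for name, tok in [("good", GOOD_ID), ("overage", OVERAGE_ID)]:
        print(name, check_id_token(decode_claims(tok), CLIENT_ID))
    print("v1 access", check_access_token(decode_claims(V1_ACCESS), CLIENT_ID, "sealcc"))
```

A user who is a member of more groups than fit into the token receives a `_claim_names` reference instead of the `groups` array, which is why the check reports that case separately from a missing groups claim.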

