Azure AD SSO
This page describes setting up SSO using Azure Active Directory (AD).
Azure AD specific configurations
- Log into the Azure Portal with the appropriate permissions.
- Click or search for Azure Active Directory.
- On the left panel, under the Manage header, click App Registrations.
- Click the + New Registration button to create a new application for SSO.
- Give the application a name (e.g. RegScale).
- Pick the Supported Account Type; this is typically set to "Accounts in this organizational directory only".
- Under Redirect URI, set the following:
  - Select Single-page application (SPA) from the pulldown.
  - Enter the redirect URI: your RegScale domain name plus the /login route (e.g. https://sandbox.regscale.com/login).
  - NOTE 1: The redirect must return to the RegScale login page for the round trip to succeed.
  - NOTE 2: The redirect URI is case sensitive (Azure matches it exactly against what RegScale sends); all lower case is highly recommended.
- Click the Register button to complete the application registration.
- You should be redirected to a new Overview screen that contains three pieces of information you will need to configure RegScale:
  - Application (client) ID
  - Directory (tenant) ID
  - Redirect URI (what you set up in the previous step)
- NOTE: Copy these values to Notepad or another convenient place for the RegScale configuration.
- The next step is to configure the attributes (claims) that Azure AD will pass back to RegScale in the ID token.
- Click Token Configuration.
- Click + Add Optional Claim.
- Select ID as the token type.
- Check the following claims:
  - family_name - maps to RegScale Last Name
  - given_name - maps to RegScale First Name
  - email - maps to RegScale Email
- Click the Add button to complete this step. If prompted, turn on the Microsoft Graph permissions (email, profile) so these attributes can be read and included in the token.
At this point, configuration in Azure AD is complete and RegScale must be configured using this information.
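The two things that most often break this setup are a redirect URI that does not match the registration exactly and an ID token that arrives without the optional claims. The following is an added example (not RegScale's or Microsoft's code) that checks a candidate redirect URI against the rules above and maps a token's claims onto the three RegScale fields. It assumes the host sandbox.regscale.com from the page, illustrative RegScale field keys (first_name, last_name, email), and a constructed ID token whose signature segment is a placeholder; the token decoder is for inspecting which claims Azure included, not for authenticating anyone, since it does not verify the signature.

```python
"""Checks for the Azure AD SPA registration described above.

Added example, not RegScale's or Microsoft's code. The token helpers assume the
ID token has already been validated (signature, issuer, audience, expiry) by the
application's SSO library; they only inspect and map the claims."""
import base64
import json
from urllib.parse import urlsplit

# Optional claims that must be present for RegScale to fill in the user record.
REQUIRED_ID_CLAIMS = ("given_name", "family_name", "email")


def check_redirect_uri(uri, expected_host):
    """Return the problems with a candidate redirect URI (empty list means OK).

    Azure compares the registered redirect URI byte-for-byte with the one the
    SPA sends (scheme, host, path and case), so every deviation is a failure."""
    problems = []
    parts = urlsplit(uri)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.netloc != expected_host:
        problems.append(f"host must be {expected_host}")
    if parts.path != "/login":
        problems.append("path must be /login (the RegScale login page)")
    if uri != uri.lower():
        problems.append("use all lower case; the redirect URI is case sensitive")
    if parts.query or parts.fragment:
        problems.append("no query string or fragment")
    return problems


def id_token_claims(id_token):
    """Decode the payload segment of a compact JWT for inspection only.

    This does NOT verify the signature. Use it to confirm which claims Azure
    put in the token (e.g. after adding optional claims), never to log a user in."""
    try:
        _header, payload, _signature = id_token.split(".")
    except ValueError:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload += "=" * (-len(payload) % 4)  # restore the base64url padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(payload))


def regscale_user_from_claims(claims):
    """Map the optional claims configured above onto RegScale user fields.

    Field keys are illustrative (assumed), matching the page's First Name,
    Last Name and Email mapping. A missing claim is an error, not a blank
    field, so a half-configured registration is noticed at the first login."""
    missing = [c for c in REQUIRED_ID_CLAIMS if not claims.get(c)]
    if missing:
        raise ValueError(
            f"ID token is missing optional claims {missing}; add them under "
            "Token Configuration in the Azure app registration")
    return {
        "first_name": claims["given_name"],
        "last_name": claims["family_name"],
        "email": claims["email"],
    }


def _b64url(obj):
    """base64url-encode a JSON object the way JWT segments are encoded."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample ID token (assumed values). Only the payload is meaningful;
# the third segment is a placeholder, not a real signature.
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({
        "aud": "00000000-0000-0000-0000-000000000000",   # assumed client ID
        "tid": "11111111-1111-1111-1111-111111111111",   # assumed tenant ID
        "given_name": "Ada",
        "family_name": "Lovelace",
        "email": "ada@example.com",
    }),
    "placeholder-signature",
])


if __name__ == "__main__":
    for candidate in ("https://sandbox.regscale.com/login",
                      "https://sandbox.regscale.com/Login",
                      "http://sandbox.regscale.com/"):
        print(candidate, check_redirect_uri(candidate, "sandbox.regscale.com") or "OK")
    print(regscale_user_from_claims(id_token_claims(SAMPLE_ID_TOKEN)))
```

Run the redirect check against the exact value pasted into the Azure portal; if a deployed RegScale instance redirects to a URI that fails any of these checks, Azure will reject the sign-in with a redirect mismatch error rather than returning to the login page.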
To Map AD Roles to RegScale Roles
Azure AD can supply role information to RegScale if configured. This allows users logging in via SSO to be automatically provisioned into a RegScale role.
See Roles for a list of RegScale Roles and their accesses.
- In the app registration record created above, choose "App Roles".
- Create an App Role for each of the RegScale roles desired (e.g. Administrator, GeneralUser):
  - Set the Display Name equal to the Role (e.g. Administrator).
  - Select "Users/Groups" as the allowed member type.
  - Set "Value" to the exact Role name as defined in RegScale (see Roles). RegScale matches this value exactly, so spelling and case must match.
- In the matching Enterprise Application (Azure Active Directory > Enterprise applications > the application registered above), choose "Users and groups".
- Add users or groups of users within your organization to the roles created above.
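The App Roles above can also be expressed as appRoles entries in the app registration's manifest, and the value that Azure then emits in the token's roles claim must match the RegScale role name exactly. The following is an added example (not RegScale's or Microsoft's code) that builds those manifest entries, checks them for the mistakes that silently break provisioning (wrong or case-mismatched values, duplicate values or IDs), and resolves a validated token's roles claim to RegScale roles. It assumes the role names Administrator and GeneralUser from the page and the appRoles manifest schema (allowedMemberTypes, displayName, id, isEnabled, value); see the Roles page for the actual RegScale role list.

```python
"""Azure App Roles for RegScale roles.

Added example, not RegScale's or Microsoft's code. Assumes the RegScale role
names in REGSCALE_ROLES and the appRoles schema of the app-registration
manifest; the roles claim is assumed to come from an already validated token."""
import uuid

# Assumed RegScale role names; the Value of each App Role must match one exactly.
REGSCALE_ROLES = ("Administrator", "GeneralUser")


def app_role_entry(role, description=""):
    """Build one appRoles manifest entry for a RegScale role.

    Display Name and Value are both set to the RegScale role name because
    RegScale resolves the token's roles claim by exact match on Value."""
    return {
        "allowedMemberTypes": ["User"],          # "Users/Groups" in the portal
        "description": description or f"RegScale {role} role",
        "displayName": role,
        "id": str(uuid.uuid4()),                  # each role needs its own GUID
        "isEnabled": True,
        "value": role,
    }


def build_app_roles(roles=REGSCALE_ROLES):
    """One entry per RegScale role that should be assignable in Azure AD."""
    return [app_role_entry(r) for r in roles]


def check_app_roles(entries, known_roles=REGSCALE_ROLES):
    """Return a list of problems with a set of appRoles entries (empty means OK).

    Flags a Value that is not a RegScale role, one that differs only by case
    (the most common typo), duplicate Values or IDs, and roles that cannot be
    assigned to users or groups."""
    problems = []
    seen_values, seen_ids = set(), set()
    by_casefold = {r.casefold(): r for r in known_roles}
    for entry in entries:
        value = entry.get("value", "")
        if value not in known_roles:
            hint = by_casefold.get(value.casefold())
            if hint:
                problems.append(f"value {value!r} differs only by case from RegScale role {hint!r}")
            else:
                problems.append(f"value {value!r} is not a RegScale role")
        if value in seen_values:
            problems.append(f"duplicate value {value!r}")
        if entry.get("id") in seen_ids:
            problems.append(f"duplicate id {entry.get('id')!r}")
        if "User" not in entry.get("allowedMemberTypes", []):
            problems.append(f"role {value!r} must allow Users/Groups")
        seen_values.add(value)
        seen_ids.add(entry.get("id"))
    return problems


def matched_regscale_roles(claims, known_roles=REGSCALE_ROLES):
    """RegScale roles present in a validated ID token's roles claim.

    Azure emits the Value strings of the app roles assigned to the user, or to a
    group the user belongs to. Matching is exact and case sensitive, so an
    unassigned user or a Value typo yields an empty list; treat that as "do not
    provision" rather than falling back to a default role. Results are returned
    in known_roles order so the caller can apply its own precedence."""
    assigned = claims.get("roles", [])
    if isinstance(assigned, str):  # defensive: a single role may arrive as a bare string
        assigned = [assigned]
    return [r for r in known_roles if r in assigned]


if __name__ == "__main__":
    roles = build_app_roles()
    print(check_app_roles(roles) or "manifest appRoles OK")
    print(check_app_roles([app_role_entry("administrator")]))
    print(matched_regscale_roles({"roles": ["Administrator", "UnrelatedRole"]}))
```

The check for a case-only mismatch is the one worth running before assigning users: Azure will happily create and assign an App Role whose Value is "administrator", and the user will sign in successfully, but RegScale will not map it to Administrator.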