
Azure AD SSO

This page describes setting up SSO using Azure Active Directory (AD).

Azure AD specific configurations

  1. Log into the Azure Portal with the appropriate permissions
  2. Click or search for Azure Active Directory
  3. On the left panel, click App Registrations under the Manage header
  4. Click the + New Registration button to create a new application to leverage SSO
  5. Give the application a name (e.g. RegScale)
  6. Pick the Supported Account Type - this is typically set to "Accounts in this organizational directory only"
  7. Under Redirect URI, set the following:
    • Select Single-page application (SPA) from the pulldown
    • Enter the redirect URI - this should be your domain name plus the /login route (e.g. https://sandbox.regscale.com/login)
    • NOTE 1: The redirect must return to the RegScale login page for the round trip to succeed
    • NOTE 2: The redirect URL is case sensitive - all lower case is highly recommended
  8. Click the Register button to complete the application registration
  9. You should be redirected to a new Overview screen that contains three pieces of information that you will need to configure RegScale:
    • Application (client) ID
    • Directory (tenant) ID
    • Redirect URI (what you set up in the previous step)
    • NOTE: Copy these values to Notepad or another convenient place for future RegScale configuration
  10. The next step is to configure the attributes that AD will pass back to RegScale in the token.
  11. Click Token Configuration
  12. Click + Add Optional Claim
  13. Select ID as the token type
  14. Click the following checkboxes:
    • family_name - maps to RegScale Last Name
    • given_name - maps to RegScale First Name
    • email - maps to RegScale Email
  15. Click the Add button to complete this step. If prompted, turn on Microsoft Graph to allow some of these attributes to be read.

At this point, configuration in Azure AD is complete and RegScale must be configured using this information.

To Map AD Roles to RegScale Roles

Azure can supply role information to the RegScale application if configured. This allows users logging in via SSO to be automatically provisioned to a RegScale role for role-based access.

See Roles for a list of RegScale Roles and their accesses.

  1. In the app registration record created above, choose "App Roles".
  2. Create an App Role for each of the RegScale roles desired (e.g. Administrator, GeneralUser)
    1. Set the Display Name equal to the Role (e.g. Administrator)
    2. Select "Users/Groups"
    3. Set "Value" = the exact Role as defined in RegScale (see Roles)
  3. Back in the app registration, choose "Users and Groups"
  4. Add users or groups of users within your organization to the roles created above
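
To confirm that both the optional claims and the App Roles configured above actually reach the token, the following added example (not RegScale or Microsoft code) decodes an ID token payload and lists what is missing or mismatched. The function names and sample IDs are hypothetical and constructed; `aud`, `tid` and `roles` are the standard Azure AD ID token claim names, and the payload is decoded without signature verification, so this is for checking configuration only.

```python
import base64
import json

# Optional claims selected under Token Configuration, with their RegScale fields.
PROFILE_CLAIMS = {"family_name": "Last Name", "given_name": "First Name", "email": "Email"}

def decode_payload(id_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (configuration check only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_id_token(id_token, client_id, tenant_id, regscale_roles):
    """Return a list of configuration problems; an empty list means the claims look right."""
    claims = decode_payload(id_token)
    problems = []
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (tenant) ID")
    for claim, field in PROFILE_CLAIMS.items():
        if not claims.get(claim):
            problems.append(f"missing optional claim {claim} (RegScale {field})")
    roles = claims.get("roles") or []
    if not roles:
        problems.append("no roles claim: user or group is not assigned to an App Role")
    for role in roles:
        if role not in regscale_roles:  # the App Role Value must be the exact RegScale role
            problems.append(f"role {role!r} is not an exact RegScale role name")
    return problems

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample values, not real identifiers.
CLIENT_ID = "00000000-0000-0000-0000-000000000001"
TENANT_ID = "00000000-0000-0000-0000-000000000002"
ROLES = {"Administrator", "GeneralUser"}

if __name__ == "__main__":
    # Sample token with the email claim missing and a wrongly cased role Value.
    token = make_sample_token({"aud": CLIENT_ID, "tid": TENANT_ID, "given_name": "Ada",
                               "family_name": "Lovelace", "roles": ["administrator"]})
    for problem in check_id_token(token, CLIENT_ID, TENANT_ID, ROLES):
        print("-", problem)
```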