SSO sign-in via OAuth
Objective
Procedure
- Navigate to the Microsoft Entra admin center > Entra ID > Overview
  - Copy the tenant ID
- Navigate to Entra ID > App registrations
- Click + New registration
  - Name: AI Platform: SSO
  - Select Single tenant only: Your Company
  - Redirect URI (Web):
    - https://ia.yourdomain.com/auth/callback/microsoft
    - https://ia.yourdomain.com/auth/m365/callback
    - https://docs.yourdomain.com/auth/azure.callback
  - Click Register
- Navigate to App registrations > Manage > Overview
  - Copy the application (client) ID
- Navigate to App registrations > Manage > API permissions
- Click + Add a permission
  - Microsoft Graph
  - Delegated permissions
  - User > User.ReadBasic.All
  - User > GroupMember.Read.All (optional, for group synchronization)
- Click Grant admin consent
- Navigate to App registrations > Manage > Certificates & secrets
- Select the Client secrets tab
- Click + New client secret
  - Description: SSO "current year" - "current month"
  - Expires: 730 days
  - Copy the secret value
- Send the following information to the technician:
  - Tenant ID
  - Application (client) ID
  - Secret value
Add the administrator
- Navigate to the Microsoft Entra admin center > Entra ID > App registrations
- Open the previously created application: AI Platform: SSO
- Navigate to Manage > Roles and administrators > Cloud Application Administrator
  - + Add assignments
  - Add hilotech@yourdomain.com as an administrator
Access restriction via security group (optional)
Objective
Procedure
- Once the app registration has been created, navigate to Enterprise applications
- Open the previously created application: AI Platform: SSO
- Navigate to Manage > Properties
- Set Assignment required? to Yes, then save
- Navigate to Manage > Users and groups
- Add the desired security group or users
Microsoft 365 group synchronization (optional)
Objective
Procedure
- Navigate to App registrations
- Open the previously created application: AI Platform: SSO
- Navigate to Manage > Token configuration
- Click + Add groups claim
- Select Groups assigned to the application
- Under Customize token properties by type:
  - ID > sAMAccountName
  - Access > sAMAccountName
  - SAML > sAMAccountName
- Navigate to Enterprise applications
- Open the previously created application: AI Platform: SSO
- Navigate to Manage > Properties
- Set Assignment required? to Yes, then save
- Navigate to Manage > Users and groups
- Add the desired security group(s)
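On the receiving side, the tenant ID, application (client) ID and groups claim configured above are what the application should check in every ID token. The following is an added example, not code from the AI platform or from Microsoft: it assumes the signature has already been verified by an OIDC library and that sign-in uses the v2.0 endpoint; the IDs, group names and the allowed_groups parameter are constructed for illustration.

```python
import time

# Constructed placeholders: substitute the tenant ID and application (client) ID
# copied during the app registration.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
# Assumption: sign-in uses the v2.0 endpoint, whose issuer has this form.
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


class TokenRejected(Exception):
    """The verified claims do not match this app registration."""


def check_claims(claims, allowed_groups=None, now=None, skew=120):
    """Check an ID token's claims AFTER its signature has been verified.

    Returns the sorted group names to synchronize. allowed_groups is a
    hypothetical application-side allow-list; None skips that check.
    """
    now = time.time() if now is None else now
    if claims.get("tid") != TENANT_ID or claims.get("iss") != ISSUER:
        raise TokenRejected("token was not issued by the expected tenant")
    if claims.get("aud") != CLIENT_ID:
        raise TokenRejected("token was issued to another application")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now > exp + skew or now < nbf - skew:
        raise TokenRejected("token is outside its validity window")
    # Overage: with too many groups the claim is replaced by a pointer to
    # Microsoft Graph. Fail closed rather than sync an empty membership.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        raise TokenRejected("groups overage: read membership from Microsoft Graph")
    groups = claims.get("groups", [])
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise TokenRejected("malformed groups claim")
    if allowed_groups is not None and not set(groups) & set(allowed_groups):
        raise TokenRejected("user is in none of the allowed groups")
    return sorted(groups)


# Constructed sample claims (group names are invented sAMAccountName values).
SAMPLE = {"tid": TENANT_ID, "iss": ISSUER, "aud": CLIENT_ID, "nbf": 1000,
          "exp": 2000, "groups": ["AI-Users", "AI-Admins"]}

if __name__ == "__main__":
    print(check_claims(SAMPLE, allowed_groups={"AI-Users"}, now=1500))
```

Setting Assignment required? to Yes blocks unassigned users at Entra ID; the tid and aud checks keep the application from accepting tokens minted for another tenant or another app registration.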
Need a hand?
Our team can walk through these steps with you in a meeting with screen sharing.