Configure Azure Active Directory

IN THIS ARTICLE

Learn how to configure your space so that users can authenticate using Azure Active Directory SSO

Users can authenticate to Estii using Azure Active Directory SSO.

Create an application in Azure

  1. Sign in to the Azure Portal.
  2. If you have access to more than one tenant, select the tenant you want to use for Estii SSO in the top-right corner.
  3. Search for and select Azure Active Directory.
  4. Under Manage, click App registrations.
    1. Click New registration.
    2. Enter a meaningful application name to display to users.
    3. Under Supported account types select Accounts in this organizational directory only.
    4. Under Redirect URL select Web and enter https://estii.com/api/auth/callback/oauth
    5. Click Register.
    6. Note the application’s Application (client) ID and Directory (tenant) ID as these will be used to configure Estii.
  5. Under Manage click Authentication.
    1. Tick both boxes under Select the tokens you would like to be issued by the authorization endpoint.
    2. To also configure Single Logout (SLO), under Front-channel logout URL enter https://app.estii.com/api/auth/signout
    3. Click Save
  6. Under Manage click Certificates & secrets.
    1. Under Client secrets click New client secret.
    2. Select when you want the secret to expire. Note that Estii SSO will stop working if you don’t create a new secret before the old one expires.
    3. Note the Secret value as this will be used to configure Estii.

Add values to Estii

Using the Azure application’s Application (client) ID as the Client ID and Secret value as the Client secret you can Configure OpenID Connect directly in Estii.

In the Discovery URL input, enter https://login.microsoftonline.com/TENANT/v2.0/.well-known/openid-configuration where TENANT is the application’s Directory (tenant) ID.