Azure AD SSO Integration

1/2022 - rev 3

Overview

Oort’s platform can authenticate your users against your Azure AD. To enable SSO, you will need to configure an app registration inside Azure AD; this allows Oort to use your Azure AD to authenticate users. This document walks you through setting up that app registration inside Azure AD.

Goal

The goal of this document is to serve as a guide to set up authentication with your Azure AD directory.  

Audience

This document is meant for the CISO to share with their teams to set up the integration with Azure AD that Oort will use to authenticate users.

Next Steps

Once the app registration is complete, you will share the client ID (and client secret) from your directory with Oort.

Azure AD SSO Integration

To enable SSO, you will need to configure an app registration inside of Azure AD. This is done to allow Oort to use your Azure AD for authentication of users.

Permission requirements for setting up Azure AD integration

To add the necessary configuration in Azure AD, you need to have admin access to the following:

The main thing that you will need to configure in Azure AD:

  • Add an App inside your Azure AD tenant that defines the keys and permissions needed by Oort

Setup Steps

There are 3 steps you need to go through to set up your Azure AD API secret and then connect it to Oort:

  1. Enable the Azure AD resource provider (if needed)
  2. Set up the app and API secret in Azure AD
  3. Provide the client ID and secret to Oort

Enable Azure AD resource provider

Enable the Azure AD resource provider under your subscription.

  1. Go to Home...Subscriptions...Resource Providers
    • Search for Microsoft.AzureActiveDirectory and select it.
  2. If the Status says NotRegistered
    • Click on the Register button to register the Microsoft.AzureActiveDirectory resource provider.


  3. If the Status says Registered, you can move on to the next step.

Set up App and API secret in Azure AD

Next, we will create the app in your Azure AD tenant, assign the correct permissions, and add an API secret. 

Add an app in your Azure AD tenant

  1. Go to Azure Active Directory...App registrations

  2. Click on New registration

  3. Fill in the details for the new app


  4. Click on Register
  5. Save the following information, as it will be entered into the Oort dashboard:
    • Application ID (this will be the client ID you provide to Oort)


Add API Permissions

  1. Go to API Permissions under your newly created Oort Integration app


  2. Click on Add a permission
  3. Click on Microsoft Graph


  4. Click on Application Permissions
  5. Search for “Directory.Read.All”
  6. Check the box next to Directory.Read.All


  7. Repeat steps 5 and 6 to add the following permissions as well:
    • User.Read.All
    • Directory.Read.All
  8. Once they are in the list, click Add Permissions
  9. Click on Grant admin consent


  10. Click on Yes

Create API secret

  1. Go to Certificates & Secrets under your Oort Integration app
  2. Click on New client secret


  3. Fill in the details for the secret and click Add


  4. Save the Secret Value, as it will be used later in the Oort dashboard
    • Click the copy icon to copy the value and store it somewhere safe
    • Important: once you leave this page you will NOT be able to retrieve the secret value again; you will have to delete it and create a new one.


Provide Client ID and Client Secret to Oort

Next, we will send the Client ID and Client secret to Oort.

You will now be on the configured application screen. On this screen, you will provide the following two values to Oort for setup in Oort’s backend:

  • Client ID
  • Client secret
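Before handing the Client ID and secret to Oort, it is worth confirming that the registration really issues Microsoft Graph tokens carrying the admin-consented application permissions from the previous section. The following Python script is an added example, not Oort's code or part of the original guide; it assumes you pass your tenant ID, client ID and client secret to `request_token` yourself, and `build_unsigned_token` is a constructed helper that fabricates an unsigned token only so the check can be exercised offline.

```python
import base64
import json
import urllib.parse
import urllib.request

# Application permissions the guide has you add and admin-consent on the Oort app.
REQUIRED_ROLES = {"Directory.Read.All", "User.Read.All"}
# Graph tokens carry either the URL or the well-known Graph app ID as audience.
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}


def request_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant for Microsoft Graph, the flow a backend integration uses."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # never hard-code this; read it from a secret store
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=form)) as resp:
        return json.load(resp)["access_token"]


def decode_claims(token: str) -> dict:
    """Read the JWT payload. Signature is not checked: we only inspect a token we just obtained."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token: str, client_id: str) -> dict:
    """Confirm the token targets Graph, was issued to our app, and carries every required role."""
    claims = decode_claims(token)
    granted = set(claims.get("roles", []))  # 'roles' is absent until admin consent is granted
    return {
        "issued_to_app": claims.get("appid", claims.get("azp")) == client_id,
        "graph_audience": claims.get("aud") in GRAPH_AUDIENCES,
        "missing_roles": sorted(REQUIRED_ROLES - granted),
    }


def build_unsigned_token(claims: dict) -> str:
    """Constructed, unsigned sample token for offline testing of check_token (not a real token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

Run `check_token(request_token(tenant, client_id, secret), client_id)` against your tenant; an empty `missing_roles` list together with both flags true means the registration is ready to share with Oort.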