Jump to content

Guides

Azure Active Directory

As Azure AD uses OAuth 2.0 for its connectivity, we can set this up as a login method using our generic OAuth 2.0 setup. The below guide shows a basic setup of Azure AD, with a standard Invision Community setup.

Before you continue, this guide assumes that you already have an Azure account and organisation already set up. If you do not yet have this, you should go ahead and ensure you have this set up first.

 

Setting up permissions

The first thing we will need to do in order to get our oauth setup working, is to create the relevant permissions within Azure. Within your Azure services screen, select the "Azure Active Directory" link as shown.

2020-01-24_15-01-37.jpg

Account Services

Now we are in the Active Directory area of your Azure setup, select "App Registrations" from the left so we can register a new application

2020-01-24_15-02-18.jpg

App Registration Menu Option

Click on New Registration, to register a new application

2020-01-24_15-02-40.jpg

New App Registration

You can give the user facing display name of the application anything you wish. You can change this later if you decide you want to name it something differently, so we have just used Azure OAuth Test for the time being.

Select the "Supported account types" option that relates to how you want your login setup. 

The Redirect URI can be found within your admin CP if needed, by visiting the following location to start setting up the admin CP side 

System -> Settings -> Login & Registration ->Create new -> Other Oauth 2.0

By default the URL to enter will be as follows. Replacing the yourURL with your own sites URL - https://yourURL/oauth/callback

2020-01-24_15-03-52.jpg

Callback URL Example

How this is set up, we can add the API Permissions. Go back to the overview screen, and select "View API permissions"

2020-01-24_15-04-32.jpg

View API Permissions

You may find that there is already the User.Read permissions set up, as shown below. If there is, you can skip the next step.

2020-01-24_15-05-03.jpg

Example Permissions

If this is not already set up, select "Add a permission". This will then ask what type of permission you wish to add. For the purpose of our setup, we will be selecting "Microsoft Graph"

2020-01-24_15-05-34.jpg

Permission Type Selection

 

You will then be asked which type of permissions you require. You need to select "Delegated permissions"

2020-01-24_15-05-50.jpg

Select Delegate Permissions

Then select the following permissions

User->User.Read

2020-01-24_15-06-25.jpg

User Permission Options

The Client Secret

Now we have the permissions set up, we need to create the client secret. This secret will then be used for the setup in your admin CP. Select "Certificated & secrets" from the menu on the left.

2020-01-24_15-06-44.jpg

Client Secret Menu Item

Once you are in this area, you need to

  1. Select the "New client secret" button
  2. Select "Never" on the expiry
  3. Add a name for your secret (can be anything you wish)

2020-01-24_15-07-10.jpg

Client Secret Setup

Click on Add, and you will then see the secret at the bottom of the page. You need to copy this secret for use in subsequent sections of this guide.

2020-01-24_15-07-51.jpg

Copy Secret Key

 

The Admin Side

Now we have the Azure side set up, we can set up the Auth setup within the admin CP. If you have not done so already, visit the following area in the Admin CP to start the setup

System -> Settings -> Login & Registration ->Create new -> Other Oauth 2.0

The first thing we will enter, will be a the basic settings. It doesnt matter what you call the login method, as long as its something you can recognise in the ACP, should you need to revisit this area in the future. Leave the other 2 items as default

2020-06-24_10-23-37.jpg

Basic Settings

The next section is "Application Settings". This is where you will add the relevant information for your azure setup. All items should be left as default unless stated here. Your client and tenant ID locations are shown in the image below for when needed

2020-01-24_15-11-56.jpg

Client ID and Tenant ID

 

2020-06-24_10-26-26.jpg

Application Settings

The final part is to fill in the 'Appearance Settings', and 'Account Management' settings. What you add for these would be your own preference, depending on how you wish for the login button to be displayed, and the action to be taken in various scenarios with user accounts.

2020-06-24_10-27-10.jpg

Appearance and Account Settings

This now concludes the azure setup. You can test this by logging into the site on the front end from a valid account

2020-06-24_10-28-15.jpg

Login Button


  Report Guide


×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy