Overview
This article provides a comprehensive guide on setting up Azure AD Federation using OpenID Connect. It outlines the steps required to create and configure an App registration in Azure AD for federation with Questback.
Information
Azure AD Federation should be set up as an OpenID Connect federation, which is the preferred configuration over SAML. This guide walks you through creating an App registration in Azure AD and configuring it for use with Questback.
- Create App Registration
- Configure Supported Account Types
- Add Redirect URI
- Add Permissions
- Add Optional Claims
- Create Secret
Create App Registration
The first step in setting up Azure AD Federation is to create an App registration in Azure AD.
Step 1: Create the App Registration
Navigate to the "App Registrations" tab in Azure AD and create a new registration for your application.
Configure Supported Account Types
After creating the App registration, you need to configure the supported account types.
Step 2: Set Account Type
Set the Supported account types to "Only Account from this AD" (single tenant), so that only accounts from your own directory can sign in through this registration.
For more information on multi-tenant applications, refer to the Azure AD documentation.
Add Redirect URI
The redirect URI is where Azure AD returns the authorization response, so it must be registered exactly as shown for the authentication flow to work.
Step 3: Add the Redirect URI
Add the following redirect URI to the App Registration:
https://access.questback.com/oauth2/v1/authorize/callback
The same URI is used for Production environments: https://access.questback.com/oauth2/v1/authorize/callback
Add Permissions
Proper permissions need to be set for the App Registration to function correctly.
Step 4: Add User.Read Permission
Add the Microsoft Graph "User.Read" permission to the App Registration. The value should be:
https://graph.microsoft.com/User.Read
Add Optional Claims
Optional claims need to be added to the manifest of the created App Registration.
Step 5: Add Claims to Manifest
Add the following optional claims to the manifest of the App Registration. Note that "accessToken" and "saml2Token" belong inside the "optionalClaims" object alongside "idToken":
"optionalClaims": {
    "idToken": [
        {
            "name": "family_name",
            "essential": true
        },
        {
            "name": "given_name",
            "essential": true
        }
    ],
    "accessToken": [],
    "saml2Token": []
}
Create Secret
A secret is required for secure communication between your application and Azure AD.
Step 6: Create and Store Secret
Create a secret for the App Registration and make sure to store it securely. You will need this secret for configuring your application. Client secrets have an expiry date, so note it and plan to rotate the secret before it lapses.
Step 7: Note Client ID
Remember to note down the client ID of the App Registration, as you will need it for configuration purposes.
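As an added example (not from this article or from Questback), the following Python check reads an exported app manifest and reports where it deviates from Steps 2 to 5, which is useful for verifying a registration after the fact or catching configuration drift. The manifest field names follow the Azure AD app manifest format; the Microsoft Graph resourceAppId and the User.Read scope id are assumed values, and both sample manifests are constructed.

```python
# Values from the guide (the Questback callback URI) plus two Microsoft Graph identifiers
# assumed here: the Graph resourceAppId and the id of the delegated User.Read scope.
CALLBACK_URI = "https://access.questback.com/oauth2/v1/authorize/callback"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # assumed: Microsoft Graph
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # assumed: User.Read (Scope)
REQUIRED_ID_TOKEN_CLAIMS = {"family_name", "given_name"}


def check_manifest(manifest: dict) -> list:
    """Return findings for an exported app manifest; an empty list means it matches the guide."""
    findings = []
    # Step 2: single tenant only
    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience must be AzureADMyOrg (single tenant)")
    # Step 3: the Questback callback must be registered as a Web redirect URI
    reply_urls = {(r.get("url"), r.get("type")) for r in manifest.get("replyUrlsWithType", [])}
    if (CALLBACK_URI, "Web") not in reply_urls:
        findings.append("missing Web redirect URI " + CALLBACK_URI)
    # Step 4: delegated Microsoft Graph User.Read must be among the required permissions
    has_user_read = any(
        res.get("resourceAppId") == GRAPH_APP_ID
        and any(a.get("id") == USER_READ_SCOPE_ID and a.get("type") == "Scope"
                for a in res.get("resourceAccess", []))
        for res in manifest.get("requiredResourceAccess", []))
    if not has_user_read:
        findings.append("missing delegated Microsoft Graph User.Read permission")
    # Step 5: family_name and given_name must be essential claims inside optionalClaims.idToken
    id_token_claims = (manifest.get("optionalClaims") or {}).get("idToken", [])
    essential = {c.get("name") for c in id_token_claims if c.get("essential") is True}
    for name in sorted(REQUIRED_ID_TOKEN_CLAIMS - essential):
        findings.append("optionalClaims.idToken lacks essential claim " + name)
    return findings


# Constructed sample manifest that follows every step of the guide
GOOD_MANIFEST = {
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [{"url": CALLBACK_URI, "type": "Web"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
                                "resourceAccess": [{"id": USER_READ_SCOPE_ID, "type": "Scope"}]}],
    "optionalClaims": {"idToken": [{"name": "family_name", "essential": True},
                                   {"name": "given_name", "essential": True}],
                       "accessToken": [], "saml2Token": []},
}

# Constructed drifted manifest: multi-tenant, callback missing, given_name no longer essential
BAD_MANIFEST = {**GOOD_MANIFEST, "signInAudience": "AzureADMultipleOrgs", "replyUrlsWithType": [],
                "optionalClaims": {"idToken": [{"name": "family_name", "essential": True},
                                               {"name": "given_name", "essential": False}]}}
```

Run `check_manifest` against the JSON downloaded from the registration's Manifest blade; any finding it returns points at the step of this guide that was not applied.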
FAQ
What is the preferred federation method for Azure AD?
The preferred federation method for Azure AD is OpenID Connect. While SAML might be possible, it is not the recommended configuration.
Why do we need to add optional claims to the manifest?
Optional claims, specifically the family_name and given_name, are added to ensure that these user details are included in the token sent by Azure AD. This information is often necessary for user identification and personalization within the application.