Skip to content

Azure

Warning

This guide should be used as a functional example only. Identity Admins should follow their company's policies and best practices when implementing Single Sign-On (SSO).

Similarly, because these guides are for services that Horizon3 does not control, screenshots and configuration options might be different then what you see here.

All sections of this page should be completed by someone with permissions for Identity Team Admin.

Create Azure Enterprise Application

  1. Log into Azure Portal and browse to the Azure Active Directory service.

    Azure portal - azure active directory service

  2. In the left-hand menu's Manage section, click Enterprise applications.

    Azure portal - enterprise applications option

  3. Then click New Application.

    Azure portal - new application button

  4. Then click Create your own application.

    Required role

    You will need to have one of the following Azure AD roles in order to create a new application: Global Administrator or Application Administrator.

    Azure portal - Create your own application button

  5. Name your app NodeZero Portal.

  6. Select Register an application to integrate with Azure AD (App you're developing).

    Azure portal - register an application to integrate radio button

  7. Click Create.

  8. On the Register an application page, you can choose to set a different user-facing name for the app, if desired.

  9. Ensure that the Supported account types option is set to Single tenant.

    Azure portal - Accounts in this organizational directory only radio button

  10. Leave the Redirect URI section blank for now.

  11. Click Register.

Copy Client ID

After registering the app, you'll be taken back to the Browse Azure AD Gallery page. Navigate back to the Enterprise applications page, find your newly created app, and click it.

  1. Click on the Overview page.
  2. Save the Application ID. This is the Client ID that you will need to provide to your Portal Org Admin later.

Steps for copying the client ID.

Configure Single Sign-On

Under the Manage section of the left hand menu:

  1. Click Single sign-on.
  2. Click Go to application.

Steps for configuring single sign-on.

Copy Issuer URL

On the new Overview page (step 1), click the Endpoints tab (step 2) and copy the OpenID Connect metadata document value (step 3). This is this Issuer URL that you will need to provide to your Portal Org Admin later.

Steps for copying issuer url.

Configure Authentication

Under the Manage section,

  1. Click Authentication.
  2. Ynder the Platform configurations section, click Add a platform.
  3. In theWeb applications section that opens to the right, click the Web button.

Steps for configuring authentication.

Use the information in the table below to fill out the Redirect URIs field. Be sure to select the correct tab, based on which regional Portal your users access.

Field Value
Sign-in redirect URIs https://portal.horizon3ai.com
https://auth.horizon3ai.com/oauth2/idpresponse
Field Value
Sign-in redirect URIs https://portal.horizon3ai.eu
https://auth.horizon3ai.eu/oauth2/idpresponse
Adding multiple sign-in redirect URIs

The initial form appears to only allow you to enter a single URI. Enter the first URI from the appropriate table below, click Configure, then click the Add URI link in the Web > Redirect URIs section on the main page. Enter the second URI and click Save.

Azure Portal - Redirect URIs section - Add URI link

Create Client Secret

Under the Manage section,

  1. Click Certificates & Secrets.
  2. Click New client secret.
  3. Enter a description.
  4. Set the Expires column to a value that aligns with your company's policies.

  5. Click Add.

    Steps for creating a client secret.

  6. Copy the Secret Value.

    Secret Value - copy link

This is the Secret VALUE that you will need to provide to your Portal Org Admin later.

Configure API Permissions

Under the Manage section,

  1. Click API permissions.
  2. Ensure that the Microsoft Graph User.Read permission is configured (it should be by default).