Set up Azure App registration


1.    Log in to the Azure console at https://portal.azure.com/

2.    Go to Azure Active Directory

3.    Select App registrations from the side menu

4.    Click on New registration


5.    Provide an application name

6.    Select “Accounts in any organizational directory”

7.    Under Redirect URI, select Web and enter the URI for your admin site.


8.    Click the Register button to continue

9.    Select the Authentication menu item

10.    Check the ID tokens (used for implicit and hybrid flows) box

11.    Select Accounts in this organizational directory only

12.    Click Save to save changes

13.    Select API permissions from the menu

14.    Click Add a permission

15.    Scroll down and select Azure Active Directory Graph

16.    Select Delegated permissions

17.    Select the following:

    Directory.AccessAsUser.All
    User.Read
    User.ReadBasic.All

18.    Click Add permissions to continue

19.    Click Grant admin consent for domain tenant

20.    Select Certificates & secrets from the side menu

21.    Click New client secret

22.    Enter a Description and Expires date

23.    Click Add to continue


24.    Copy the client secret and save it somewhere secure; you will need it later.


25.    Select Overview from the side menu

26.    Copy the Application (client) ID for use in the Edsembli Application

Enabling Azure Authentication within edsembli SIS

 

1.    Log in to edsembli SIS as an administrator.

2.    Select “Security - Authentication Types” then click the “+” button to add a new authentication type.

 

3.    On the General tab provide a name for the authentication type and select “Azure Active Directory”

4.    On the “Configuration” tab, copy and paste the application Client ID and secret, and enter the authorization endpoint for your Azure Active Directory.

Example: https://login.microsoftonline.com/yourdomain.onmicrosoft.com

Also provide the name of the claim that will be used to match the user account name in edsembli SIS. The “name” claim is the AD account name; the “upn” claim is the AD login name (email address).

5.    Click Save.

6.    On the login page you will now have the option to select Azure AD authentication.

Note:  The edsembli user account’s Authentication type must be set to Azure AD in order to log in successfully.
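
To check which value each claim actually carries before choosing the claim name in step 4 of the edsembli SIS configuration, the following added example (not part of the original guide or of edsembli's own code) decodes an ID token's payload and reports the value of the chosen claim, whether `aud` equals the Application (client) ID, and whether the token has expired. The function names, the placeholder client ID and the sample token are constructed assumptions; the signature is not verified, so this is a troubleshooting aid only.

```python
import base64
import json
import time


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_id_token(token, client_id, match_claim, now=None):
    """Decode (NOT verify) an ID token; troubleshooting aid only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 segments)")
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != client_id:
        problems.append("aud does not equal the Application (client) ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    value = claims.get(match_claim)
    if not isinstance(value, str) or not value:
        problems.append("claim '%s' is missing from the token" % match_claim)
    return {"match_value": value, "problems": problems}


def make_sample_token(claims):
    """Build a constructed token with a dummy signature for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return "%s.%s.%s" % (enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln")


# Constructed sample values (placeholders, not from a real tenant).
SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_TOKEN = make_sample_token({
    "aud": SAMPLE_CLIENT_ID,
    "exp": 4102444800,  # 2100-01-01 UTC
    "name": "Jane Doe",
    "upn": "jane.doe@yourdomain.onmicrosoft.com",
})

if __name__ == "__main__":
    for claim in ("name", "upn", "email"):
        print(claim, inspect_id_token(SAMPLE_TOKEN, SAMPLE_CLIENT_ID, claim))
```

If the reported value for the chosen claim does not equal the user account name stored in edsembli SIS, pick the other claim or correct the account name before enabling the authentication type.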