How to configure Identity Service with Azure Active Directory (AAD)

This document describes the steps required to configure Azure Active Directory (AAD) with the Identity Service.

Identity Service Configuration Process with Azure Active Directory (AAD)

1. Log in to the Azure Portal at https://portal.azure.com and navigate to your Azure Active Directory (AAD).

2. Navigate to the App Registrations section.

3. Create a new registration. Click the New Registration button.

4. Provide the application display name (for example: Identity Service) and the Redirect URL (can be provided later). Click the Register button.

Note: The Redirect URLs must be taken from the OpenLM Identity Service UI when adding a new external provider (as shown in the image below). They do not have to be added when creating the application in the step above and can be filled in after the new external provider has been added in the OpenLM Identity Service. The image below, from the OpenLM Identity Service, shows the Redirect URLs of the added External Providers.

The application is now registered. Save the information marked on the image below: the Application (client) ID and the Directory (tenant) ID are both needed when adding the provider in the OpenLM Identity Service.

5. Now, navigate to the Authentication section.

6. Provide the Redirect URLs: the Front-channel Logout URL and the Web Redirect URL (if it was not provided in step 4). Check the checkbox for ID Tokens. Click the Save button to save the changes.

Note: The Redirect URLs must be taken from the OpenLM Identity Service UI (as shown in the image in step 4 above) when adding a new external provider. They do not have to be added when creating the application and can be filled in after the new external provider has been added in the OpenLM Identity Service.

7. Then, navigate to the Certificates & Secrets section to create a new client secret.

8. Provide the details to add a client secret.

The Client Secret is now created. Note the Value and Secret ID.

Note: The value will be displayed hidden as shown in the image below:

This completes the Identity Service configuration process with Azure Active Directory (AAD).

Adding an External Identity Provider (Azure) in OpenLM Identity Service

To add the external provider (Azure) in the OpenLM Identity Service, perform the following steps:

  1. Navigate to the Add Provider screen in the OpenLM Identity Service. Click on the External Providers icon to add the external provider.
  2. Select the provider type Azure from the drop-down options.
  3. Enter the Client ID in the Client ID field. The Client ID is the “Application (client) ID” (from the AAD settings, as in step 4 of the section “Identity Service Configuration Process with Azure Active Directory (AAD)” above).
  4. Enter the Client Secret in the Client Secret field. The Client Secret is the “Value” (from the AAD settings, as in step 8 of the section “Identity Service Configuration Process with Azure Active Directory (AAD)” above).
  5. Enter the Account ID in the Account ID field. For OpenLM Cloud users, the Account ID is taken manually from an account in the OpenLM Cloud UI Client – Admin. When you click on the edit icon for an added account, the Account ID will be available on the Edit Accounts screen. OpenLM on-premise users declare the value “none” for this field.
  6. Enter the authority URL in the Authority field. The Authority field is filled with the Azure Authority URL. Take the Directory (tenant) ID as mentioned in step 4 of the section “Identity Service Configuration Process with Azure Active Directory (AAD)” above and add it to the link: https://login.microsoftonline.com/{Directory (tenant) ID}.
  7. Enter the display name for the provider in the Display Name field.

The added External Provider (Azure) will be displayed in the External Providers list with the following details as shown in the screen below:
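The values entered in the Add Provider steps above can be checked before they are saved. The following is an added example, not OpenLM or Microsoft code: the function name `check_provider_settings` and all sample values are constructed for illustration. It assumes that the Application (client) ID, Directory (tenant) ID and Secret ID are GUIDs, as Azure displays them, while the secret Value is not.

```python
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
AUTHORITY_HOST = "login.microsoftonline.com"  # host given in the Authority step


def check_provider_settings(client_id, client_secret, account_id, authority,
                            on_premise):
    """Return a list of problems found in the Add Provider form values."""
    problems = []
    if not GUID_RE.match(client_id):
        problems.append("Client ID is not a GUID; use the Application (client) ID")
    # Assumption: the Secret ID is a GUID and the secret Value is not, so a
    # GUID here means the wrong column was copied from Certificates & Secrets.
    if GUID_RE.match(client_secret):
        problems.append("Client Secret looks like the Secret ID; use the Value")
    elif not client_secret.strip():
        problems.append("Client Secret is empty")
    # On-premise installs declare "none"; Cloud installs need a real Account ID.
    if on_premise and account_id != "none":
        problems.append('on-premise installs declare Account ID "none"')
    if not on_premise and account_id.strip() in ("", "none"):
        problems.append("Cloud installs need the Account ID from the Cloud UI")
    url = urlparse(authority)
    tenant = url.path.strip("/")
    if url.scheme != "https" or url.hostname != AUTHORITY_HOST:
        problems.append("Authority must be https://%s/<tenant ID>" % AUTHORITY_HOST)
    elif not GUID_RE.match(tenant):
        # Also catches literal braces left in from the URL template.
        problems.append("Authority path is not the Directory (tenant) ID")
    elif tenant.lower() == client_id.lower():
        problems.append("Authority uses the client ID, not the tenant ID")
    return problems


# Constructed sample values, not taken from any real tenant.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SECRET_ID = "99999999-8888-7777-6666-555555555555"
SECRET_VALUE = "constructed~Secret.Value_0123456789"
AUTHORITY = "https://%s/%s" % (AUTHORITY_HOST, TENANT_ID)

if __name__ == "__main__":
    # Typical mistake: the Secret ID pasted in place of the Value.
    for problem in check_provider_settings(CLIENT_ID, SECRET_ID, "none",
                                           AUTHORITY, on_premise=True):
        print("FAIL:", problem)
```
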
