Azure SSO Configuration

Configure Single Sign-On for Azure using the Application Deployment Portal

Configure SSO for DuploCloud using the Azure Application Deployment (AD) Portal as an Identity Provider (IDP). To configure Azure SSO, you must:

Register your application in the Azure AD Portal.
Create a secret for authentication.
Assign API Permissions.

Register your application in the Azure AD Portal

Log in to the Azure AD Portal as an Administrator.
In the Azure AD Portal, navigate to Manage -> App Registrations. The App registrations page displays.
Click New registration. The Register an application page displays.
Enter a Name for the application, for example, duplo-app1.
In the Supported account types area, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
In the Redirect UTI field, select Web and type the DuploCloud URL https://PORTAL_DNS_NAME/app/signin-microsoft updating PORTAL_DNS_NAME to match your DuploCloud portal. For example: https://duplo.cloud.mycompany.com/app/signin-microsoft
Click Register.

Note the Application (Client) ID for future reference; for example, 8a6acf76-555e-4782-a8a4-abcd283d889d.

Create a secret for authentication.

In the Azure AD Portal, navigate to Manage -> Certificates & secrets.
In the Client Secret tab, click New Client Secret.
In the Add a client secret window, enter a Description for the secret.
In the Expires list box, select 12 months for the expiration duration.

Note the Value displayed in the client secrets tab; for example, hFFC8Q~z.bHooBGcwftnh2LRgp53M62XJdLIrXxyz.

Step3: Assign API Permissions

In the Azure AD Portal, navigate to Manage -> API Permissions.
Click Microsoft Graph & Delegated Permissions. The Request API Permissions page displays.
On the Select permissions area of the Request API Permissions page, select openid, email, and profile. Add the User.Read permission if it is not present by entering User.Read in the search box and selecting it from the search results.
Click Add permissions.
In the Configured Permissions area of the Request API Permissions page, click Grant admin consent for Default Directory and confirm by clicking Yes.

Next Steps

When setup is complete, supply the Application ID and Client Secret to DuploCloud to integrate Login Authentication with your Azure AD.

PreviousSSO Configuration NextOkta Identity Management

Last updated 12 days ago

Was this helpful?

In the Azure AD Portal, navigate to Manage -> App Registrations. The App registrations page displays.

Click New registration. The Register an application page displays.

Enter a Name for the application, for example, duplo-app1.

In the Supported account types area, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).

In the Redirect UTI field, select Web and type the DuploCloud URL https://PORTAL_DNS_NAME/app/signin-microsoft updating PORTAL_DNS_NAME to match your DuploCloud portal. For example: https://duplo.cloud.mycompany.com/app/signin-microsoft

Click Register.

Note the Application (Client) ID for future reference; for example, 8a6acf76-555e-4782-a8a4-abcd283d889d.

Create a secret for authentication.

In the Azure AD Portal, navigate to Manage -> Certificates & secrets.

In the Client Secret tab, click New Client Secret.

In the Add a client secret window, enter a Description for the secret.

In the Expires list box, select 12 months for the expiration duration.

Note the Value displayed in the client secrets tab; for example, hFFC8Q~z.bHooBGcwftnh2LRgp53M62XJdLIrXxyz.

Step3: Assign API Permissions

In the Azure AD Portal, navigate to Manage -> API Permissions.

Click Microsoft Graph & Delegated Permissions. The Request API Permissions page displays.

On the Select permissions area of the Request API Permissions page, select openid, email, and profile. Add the User.Read permission if it is not present by entering User.Read in the search box and selecting it from the search results.

Click Add permissions.

In the Configured Permissions area of the Request API Permissions page, click Grant admin consent for Default Directory and confirm by clicking Yes.