Configure Single Sign-On for Azure using the Application Deployment Portal
Configure SSO for DuploCloud using the Azure Application Deployment (AD) Portal as an Identity Provider (IDP). To configure Azure SSO, you must:
Register your application in the Azure AD Portal.
Create a secret for authentication.
Assign API Permissions.
Log in to the Azure AD Portal as an Administrator.
In the Azure AD Portal, navigate to Manage -> App Registrations. The App registrations page displays.
Click New registration. The Register an application page displays.
Enter a Name for the application, for example, duplo-app1.
In the Supported account types area, select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
In the Redirect URI field, select Web and type the DuploCloud URL https://company.duplocloud.net/app/signin-microsoft, replacing company with your company's DuploCloud deployment.
Click Register.
Note the Application (Client) ID for future reference; for example, 8a6acf76-555e-4782-a8a4-abcd283d889d.
In the Azure AD Portal, navigate to Manage -> Certificates & secrets.
In the Client Secret tab, click New Client Secret.
In the Add a client secret window, enter a Description for the secret.
In the Expires list box, select 12 months for the expiration duration.
Note the Value displayed in the client secrets tab; for example, hFFC8Q~z.bHooBGcwftnh2LRgp53M62XJdLIrXxyz.
In the Azure AD Portal, navigate to Manage -> API Permissions.
Click Microsoft Graph & Delegated Permissions. The Request API Permissions page displays.
On the Select permissions area of the Request API Permissions page, select openid, email, and profile. Add the User.Read permission if it is not present by entering User.Read in the search box and selecting it from the search results.
Click Add permissions.
In the Configured Permissions area of the Request API Permissions page, click Grant admin consent for Default Directory and confirm by clicking Yes.
When setup is complete, supply the Application ID and Client Secret to DuploCloud to integrate Login Authentication with your Azure AD.
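To confirm that a registration still matches the steps above, the following added example (not DuploCloud or Microsoft code) audits an app registration exported as JSON in the shape of a Microsoft Graph application object. The Graph resource and scope IDs are Microsoft's published identifiers rather than values from this page, and the secret name and dates in the sample are constructed.

```python
from datetime import datetime, timedelta

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resourceAppId
# Microsoft Graph delegated-scope IDs for the four permissions selected above.
SCOPES = {
    "37f7f235-527c-4136-accd-4a02d197296e": "openid",
    "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0": "email",
    "14dad69e-099b-42c9-810b-d002981feec1": "profile",
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
}

def _ts(value):  # whole-second ISO 8601 UTC timestamps, as in the sample below
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_registration(app, redirect_uri, now):
    """Return findings; an empty list means the registration matches the steps."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append("account type is not multitenant")
    uris = app.get("web", {}).get("redirectUris", [])
    if uris != [redirect_uri]:
        findings.append(f"unexpected redirect URIs: {uris}")
    granted = set()
    for res in app.get("requiredResourceAccess", []):
        for acc in res.get("resourceAccess", []):
            ok = (res.get("resourceAppId") == GRAPH and acc.get("type") == "Scope"
                  and acc.get("id") in SCOPES)
            if ok:
                granted.add(acc["id"])
            else:  # application roles or scopes beyond the four listed above
                findings.append(f"extra permission {acc.get('id')} ({acc.get('type')})")
    findings += [f"missing permission {n}" for i, n in SCOPES.items() if i not in granted]
    for cred in app.get("passwordCredentials", []):
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        if end <= now:
            findings.append(f"secret {cred['displayName']!r} has expired")
        elif end - start > timedelta(days=366):
            findings.append(f"secret {cred['displayName']!r} outlives 12 months")
    return findings

# Constructed sample in the shape of a Microsoft Graph application object.
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://company.duplocloud.net/app/signin-microsoft"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": i, "type": "Scope"} for i in SCOPES]}],
    "passwordCredentials": [{"displayName": "duplo-sso",
        "startDateTime": "2025-01-15T00:00:00Z", "endDateTime": "2026-01-15T00:00:00Z"}],
}
```

Call audit_registration with the parsed JSON, the redirect URI for your deployment, and a timezone-aware current time; any returned finding is a deviation from the configuration described above.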