
Setup user authentication using Microsoft/Azure AD

This article provides a quick start guide for adding Microsoft Login to Authress. This enables your users to login using Azure AD, Outlook, Microsoft AD, MS Live, XBox, and any other Microsoft corporate identity provider and authenticate into your software.

info

If you are looking to enable admin login access into the Authress Management Portal using your corporate IdP, see the Authress Management Portal SSO Configuration.

In this guide we'll set up Microsoft login. The Login with Microsoft OAuth configuration is in Azure. Setting up authentication requires the following parts:

  1. Authress-Microsoft OAuth configuration
  2. Azure Marketplace App Registration
  3. Testing the configuration

Prerequisite: Azure Development Account

In order to enable your users to log in with Microsoft AD, Outlook, or any of the providers listed above, you will need an Azure developer account. You can get one by registering for an Azure account.

Authress Connection configuration

The first step is enabling the Microsoft preconfigured Authress connection in the Authress Management Portal.

Authress preconfigured microsoft connection

You will see that the Client ID and Client Secret fields are missing. First we are going to get the Client ID.

Azure App Registration

Now we can create a new App Registration. This App Registration is what your users will see when they choose to sign in with Microsoft.

Navigate to the Azure Portal and choose to create a new App Registration. Click App registrations, then click New registration.

Or click here: Create App registration

Azure App registration

Enter a Name and make sure to select the appropriate Supported account types. Authress recommends:

Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

App Registration type selection

  • Set the Redirect URI to your Authress Custom Domain URL. This is the domain you set up in your Authress account. We'll assume for this example it is https://auth.yourdomain.com, and therefore the redirect URI is https://auth.yourdomain.com/login. Then click Register. The redirect URI value is available in your new Authress Connection for Microsoft in the Complete Setup section of the connection.

Complete Authress Setup

And then copy this value to the App Registration in Azure:

Azure App redirect URI

App Client Configuration

Now that the App is created in Azure we can copy the Client ID from the portal and store it in Authress:

Azure app registration client ID

Authress Client ID

App Client Secret

The next step is to generate the App Client Secret. To do that, click Add a certificate or secret in the Azure Portal. (If you have already done this, the hyperlink may say 0 certificate, N secret; click that instead.)

Azure generate client secret

Then click New client secret, enter a useful description and an Expiry date, and then copy the Secret Value (not the secret ID) back to the Authress Connection:

Azure app client secret
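
The client secret copied into Authress stops being accepted by Microsoft once the Expiry date chosen above has passed, so it is worth tracking that date. The following is an added example, not part of the Authress guide or Authress's own code: it reads a constructed JSON sample shaped like the output of `az ad app credential list` (field names from the Microsoft Graph `passwordCredential` object) and flags secrets that are expired or due for rotation. The secret names, dates, and the 30-day warning window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `az ad app credential list --id <app-id>`.
# All names, key IDs and dates are made up for illustration.
SAMPLE_CREDENTIALS = """
[
  {"displayName": "authress-login-2023", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2023-01-10T00:00:00Z", "endDateTime": "2024-01-10T00:00:00Z"},
  {"displayName": "authress-login-2024", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2024-01-02T00:00:00Z", "endDateTime": "2024-07-01T00:00:00Z"},
  {"displayName": "authress-login-next", "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2024-06-01T00:00:00Z", "endDateTime": "2025-06-01T00:00:00Z"}
]
"""
# Fixed "current time" so the sample output is reproducible (assumption).
SAMPLE_NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)

def load_credentials(text):
    """Parse the JSON array of credential objects."""
    return json.loads(text)

def parse_ts(value):
    # The sample timestamps are UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def classify_secrets(credentials, now, warn_days=30):
    """Return (status, name, days_left) tuples, soonest expiry first."""
    report = []
    for cred in credentials:
        remaining = parse_ts(cred["endDateTime"]) - now
        if remaining <= timedelta(0):
            status = "EXPIRED"   # must no longer be the value stored in Authress
        elif remaining <= timedelta(days=warn_days):
            status = "ROTATE"    # create a new secret and update the connection
        else:
            status = "OK"
        name = cred.get("displayName") or cred["keyId"]
        report.append((status, name, remaining.days))
    return sorted(report, key=lambda row: row[2])

def usable_secret_exists(report):
    """True if at least one secret has not yet expired."""
    return any(status != "EXPIRED" for status, _, _ in report)

if __name__ == "__main__":
    for status, name, days in classify_secrets(load_credentials(SAMPLE_CREDENTIALS), SAMPLE_NOW):
        print(f"{status:8} {name:22} {days:>5} days")
```
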

Validate the configuration

Now the setup is complete and you are ready to test the connection. You can test the connection in the Authress Connection configuration by clicking Test Connection:

Test Connection in Authress

When everything is configured correctly you'll see the test login success screen:

Correct Azure configuration in Authress

[Optional] Verifying your publisher ownership

Microsoft has one last optional step that you can take later: creating a Microsoft Partner Network Publisher that can be attached to your Azure AD registration. The details of doing this are available in the MPN publishing setup guide in the Azure documentation.