Configure Single Sign-on with Microsoft Entra ID (Azure AD)
To configure Single Sign-On between Microsoft Entra ID (Azure AD) and Sekoia.io, complete the following steps:
- Create a new application on Azure
- Connect to Sekoia.io, add a new domain that belongs to your community and wait for its validation
- Configure OpenID Connect in Sekoia.io (see associated documentation Single Sign-On With OpenID Connect)
Create a Microsoft Entra ID (Azure AD) app registration
- Visit "Microsoft Entra ID (Azure AD)" > "Manage" > "App Registrations"
- Use the "+ New registration" button to start the creation
- Choose a name and input the redirect URI: https://app.sekoia.io/user/callback
- Click on "Register"
Configure the registration
- On the main page, save the "Application (client) ID" for later use
- On the main page, in "Endpoints", copy your "OAuth 2.0 authorization endpoint", such as https://login.microsoftonline.com/<YOUR TENANT ID>/. Be sure to remove the /oauth2/v2.0/authorize suffix from the URL.
- Under "Certificates and secrets > Client secrets" use the "+ New client secret" button to create a secret. Save this secret for later use.
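The following Python example is added here and is not part of the Sekoia.io or Microsoft documentation. It strips the /oauth2/v2.0/authorize suffix from the copied endpoint and checks the saved values before they are entered in Sekoia.io. It assumes the tenant ID in the URL is a GUID and that a GUID-shaped secret is the portal's "Secret ID" column rather than the secret "Value"; the function names and sample values are constructed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
AUTHORIZE_SUFFIX = "/oauth2/v2.0/authorize"           # suffix the page says to remove
REDIRECT_URI = "https://app.sekoia.io/user/callback"  # redirect URI given on the page

# Constructed sample values, not real identifiers.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_ENDPOINT = f"https://login.microsoftonline.com/{SAMPLE_TENANT}{AUTHORIZE_SUFFIX}"

def tenant_base_url(endpoint: str) -> str:
    """Turn the portal's authorization endpoint into the tenant base URL."""
    parts = urlsplit(endpoint.strip())
    if parts.scheme != "https" or parts.query or parts.fragment:
        raise ValueError("endpoint must be a plain https URL")
    if parts.hostname != "login.microsoftonline.com":  # host shown on the page
        raise ValueError(f"unexpected host: {parts.hostname!r}")
    path = parts.path.rstrip("/")
    if path.endswith(AUTHORIZE_SUFFIX):
        path = path[: -len(AUTHORIZE_SUFFIX)]
    tenant = path.strip("/")
    if not GUID.fullmatch(tenant):  # assumption: tenant ID is a GUID
        raise ValueError(f"path is not a single tenant ID: {path!r}")
    return f"https://login.microsoftonline.com/{tenant}/"

def check_registration(client_id, endpoint, client_secret, redirect_uri):
    """Return a list of problems; an empty list means the values look usable."""
    problems = []
    if not GUID.fullmatch(client_id.strip()):
        problems.append("client ID is not a GUID")
    try:
        tenant_base_url(endpoint)
    except ValueError as exc:
        problems.append(str(exc))
    secret = client_secret.strip()
    if not secret:
        problems.append("client secret is empty")
    elif GUID.fullmatch(secret):
        # Assumption: a GUID here is the "Secret ID" column, not the secret "Value".
        problems.append("client secret looks like the Secret ID, not the Value")
    if redirect_uri != REDIRECT_URI:
        problems.append("redirect URI differs from the one registered for Sekoia.io")
    return problems

if __name__ == "__main__":
    print(tenant_base_url(SAMPLE_ENDPOINT))
```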
Restrict access for Sekoia.io to specific users
Microsoft Entra ID (Azure AD) can be configured to prevent some users from accessing Sekoia.io.
- In "Microsoft Entra ID (Azure AD)" > "Enterprise applications", select your application
- Go to "Application | Overview" > "Getting Started" > "1. Assign users and groups"
You are now ready to enter your configuration in Sekoia.io.