Skip to content

Azure

Warning

This guide should be used as a functional example only. Identity Admins should follow their Company's policies and best practices when implementing Single Sign-On (SSO).

Similarly, because these guides are for services Horizon3 does not control, screenshots and configuration options may be different then what you see here.

All sections of this page should be completed by someone with permissions for Identity Team Admin

Create Azure Enterprise Application

Log into Azure Portal and browse to the "Azure Active Directory" service.

Screenshot

In the left hand menu under the "Manage" section, click "Enterprise applications".

Screenshot

Then click "New Application".

Screenshot

Then click "Create your own application".

Required Role

You will need to have one of the following Azure AD roles in order to create a new application

Global Administrator
Application Administrator

Screenshot

Name your app "NodeZero Portal".

Select the "Register an application to integrate with Azure AD (App you're developing)" option.

Click Create.

Screenshot

On the "Register an application" page, you can choose to set a different user-facing name for the app, if desired.

Ensure the "Supported account types" option is set to "Single tenant".

Leave the "Redirect URI" section blank for now.

Click Register.

Screenshot

Copy Client ID

After registering the app, you'll be taken back to the "Browse Azure AD Gallery" page. Navigate back to the Enterprise applications page, find your newly created app, and click it.

On the Overview page, save the Application ID. This is the Client ID that you will need to provide to your Portal Org Admin later.

Screenshot

Configure Single Sign-On

Under the Manage section of the left hand menu, click Single sign-on.

Click Go to application.

Screenshot

Copy Issuer URL

On the new Overview page, click the Endpoints tab and copy the OpenID Connect metadata document value. This is this Issuer URL that you will need to provide to your Portal Org Admin later.

Screenshot

Configure Authentication

Under the Manage section, click Authentication.

Click Add a platform under the "Platform configurations" section.

In the form that opens to the right, click the Web button under the "Web applications" section.

Screenshot

Use the information in the below table to fill out the "Redirect URIs" field. Be sure to select the correct tab based on which regional Portal your users access.

Field Value
Sign-in redirect URIs https://portal.horizon3ai.com
https://auth.horizon3ai.com/oauth2/idpresponse
Field Value
Sign-in redirect URIs https://portal.horizon3ai.eu
https://auth.horizon3ai.eu/oauth2/idpresponse
Adding multiple Sign-in redirect URIs

The initial form appears to only allow you to enter a single URI. Enter the first URI from the appropriate table below, click Configure, then click the Add URI link in the Web > Redirect URIs section on the main page. Enter the 2nd URI and click Save.

Screenshot

Create Client Secret

Under the Manage section, click Certificates & Secrets.

Click New client secret.

Enter a description. Set the Expires column to a value that aligns with your Company's policies.

Click Add.

Screenshot

Copy the Secret Value.

This is the Secret VALUE, that you will need to provide to your Portal Org Admin later.

Configure API Permissions

Under the Manage section, click Api permissions.

Ensure the Microsoft Graph User.Read permission is configured (it should be by default).

Screenshot

Configure App Roles

Under the Manage section, click App roles.

Click Create app role.

Fill out the form that opens on the right using the information in the table below.

Field Value
Display name NodeZero Portal Users
Allowed Member Types Users/Groups
Value Read
Description App role granting read to NodeZero Portal app.
Do you want to enable this app role?

Click Apply.

Screenshot

Provide Information to Org Admin

Provide the Client ID, Client Secret, and Issuer URL you copied in previous steps to your Portal Org Admin so they can configure the SSO Provider in Portal. After the SSO Provider has been set up, your Portal Org Admin will need to provide you the Initiator URL so you can complete the app configuration.

Configure Branding & Properties

Initiator URL

You will need the Initiator URL from your Portal Org Admin before you can proceed with this section.

Under the Manage section, click Branding & properties.

Fill out the form using the information in the table below.

Field Value
Name NodeZero Portal
Logo H3 Logo
Home page URL Add Initiate login URI here

Click Save.

Configure Users and Groups

To grant users access to your new app, you will first need to navigate back to the Enterprise applications page we visited at the beginning of this guide.

Under the Manage section, click Users and groups.

Click Add user/group.

Screenshot

Select the appropriate users/groups.

Select the "NodeZero Portal Users" app role we created in a previous step.

Click Assign.

Edit App Properties

By default, the app will not appear for assigned users within MyApps. You will need to edit the visibility and assignment properties of the app.

Under the Manage section, click Properties.

Slide the toggle to "Yes" for both Assignment required? and Visible to users?.

Screenshot

It can take 5 - 10 minutes for the app to appear in MyApps.

At this point, users can access by navigating to MyApps, logging in with their company credentials, and selecting the NodeZero Portal application tile.