Skip to content

Azure

Warning

This guide should be used as a functional example only. Identity Admins should follow their Company's policies and best practices when implementing Single Sign-On (SSO).

Similarly, because these guides are for services Horizon3 does not control, screenshots and configuration options may be different then what you see here.

All sections of this page should be completed by someone with permissions for Identity Team Admin

Create Azure Enterprise Application

  1. Log into Azure Portal and browse to the "Azure Active Directory" service.

    Azure portal - azure active directory service

  2. In the left hand menu under the "Manage" section, click "Enterprise applications".

    Azure portal - enterprise applications option

  3. Then click "New Application".

    Azure portal - new application button

  4. Then click "Create your own application".

    Required Role

    You will need to have one of the following Azure AD roles in order to create a new application

    Global Administrator Application Administrator

    Azure portal - Create your own application button

  5. Name your app "NodeZero Portal".

  6. Select the "Register an application to integrate with Azure AD (App you're developing)" option.

    Azure portal - register an application to integrate radio button

  7. Click Create.

  8. On the "Register an application" page, you can choose to set a different user-facing name for the app, if desired.

  9. Ensure the "Supported account types" option is set to "Single tenant".

    Azure portal - Accounts in this organizational directory only radio button

  10. Leave the "Redirect URI" section blank for now.

  11. Click Register.

Copy Client ID

After registering the app, you'll be taken back to the "Browse Azure AD Gallery" page. Navigate back to the Enterprise applications page, find your newly created app, and click it.

  1. Click on the Overview page.
  2. save the Application ID. This is the Client ID that you will need to provide to your Portal Org Admin later.

Steps for copying the client ID.

Configure Single Sign-On

Under the Manage section of the left hand menu,

  1. Click Single sign-on.
  2. Click Go to application.

Steps for configuring single sign-on.

Copy Issuer URL

On the new Overview page (step 1), click the Endpoints tab (step 2) and copy the OpenID Connect metadata document value (step 3). This is this Issuer URL that you will need to provide to your Portal Org Admin later.

Steps for copying issuer url.

Configure Authentication

Under the Manage section,

  1. Click Authentication.
  2. Click Add a platform under the "Platform configurations" section.
  3. In the form that opens to the right, click the Web button under the "Web applications" section.

Steps for configuring authentication.

Use the information in the below table to fill out the "Redirect URIs" field. Be sure to select the correct tab based on which regional Portal your users access.

Field Value
Sign-in redirect URIs https://portal.horizon3ai.com
https://auth.horizon3ai.com/oauth2/idpresponse
Field Value
Sign-in redirect URIs https://portal.horizon3ai.eu
https://auth.horizon3ai.eu/oauth2/idpresponse
Adding multiple Sign-in redirect URIs

The initial form appears to only allow you to enter a single URI. Enter the first URI from the appropriate table below, click Configure, then click the Add URI link in the Web > Redirect URIs section on the main page. Enter the 2nd URI and click Save.

Azure Portal - Redirect URIs section - Add URI link

Create Client Secret

Under the Manage section,

  1. Click Certificates & Secrets.
  2. Click New client secret.
  3. Enter a description.
  4. Set the Expires column to a value that aligns with your Company's policies.

  5. Click Add.

    Steps for creating a client secret.

  6. Copy the Secret Value.

    Secret Value - copy link

This is the Secret VALUE, that you will need to provide to your Portal Org Admin later.

Configure API Permissions

Under the Manage section,

  1. Click Api permissions.
  2. Ensure the Microsoft Graph User.Read permission is configured (it should be by default).

API Permissions section - User.Read permission

Configure App Roles

Under the Manage section,

  1. Click App roles.
  2. Click Create app role.

  3. Fill out the form that opens on the right using the information in the table below.

    Field Value
    Display name NodeZero Portal Users
    Allowed Member Types Users/Groups
    Value Read
    Description App role granting read to NodeZero Portal app.
    Do you want to enable this app role?

  4. Click Apply.

Steps to configure app roles

Provide Information to Org Admin

Provide the Client ID, Client Secret, and Issuer URL you copied in previous steps to your Portal Org Admin so they can configure the SSO Provider in Portal. After the SSO Provider has been set up, your Portal Org Admin will need to provide you the Initiator URL so you can complete the app configuration.

Configure Branding & Properties

Initiator URL

You will need the Initiator URL from your Portal Org Admin before you can proceed with this section.

Under the Manage section,

  1. Click Branding & properties.

  2. Fill out the form using the name (step 2), logo (step 3), and home page URL (step 4) information in the table below.

    Field Value
    Name NodeZero Portal
    Logo H3 Logo
    Home page URL Add Initiate login URI here

    Steps for configuring branding and properties

Click Save.

Configure Users and Groups

To grant users access to your new app, you will first need to navigate back to the Enterprise applications page we visited at the beginning of this guide.

Under the Manage section,

  1. Click Users and groups.

  2. Click Add user/group.

    Steps to create new users and app roles.

  3. Select the appropriate users/groups.

  4. Select the "NodeZero Portal Users" app role we created in a previous step.
  5. Click Assign.

Edit App Properties

By default, the app will not appear for assigned users within MyApps. You will need to edit the visibility and assignment properties of the app.

Under the Manage section, click Properties and follow these steps:

  1. Slide the toggle to "Yes" for both Assignment required? and
  2. Visible to users?.
  3. Click Save.

Steps for editing app properties.

It can take 5 - 10 minutes for the app to appear in MyApps.

At this point, users can access by navigating to MyApps, logging in with their company credentials, and selecting the NodeZero Portal application tile.