Note: At this time, SSO can only be used for authentication. We do not provision profiles through SSO.
To set up a specific Azure AD instance, we will need the following:
- Application (client) ID
- Directory (tenant) ID
- OpenID Connect metadata document
- Application (client) Secret Value
Overview
- Register application
- Configure authentication
- Generate application secret
- Configure branding
1. Register Application
From “All Services” select “All”, then scroll to “Azure Active Directory.”
Under “App registrations” select “New registration.”
Fill out a new registration for KPA EHS.
- Name: KPA EHS
- Redirect URI: https://mobile.kpaehs.com/sso/return
Copy the following details:
- Application (client) ID
- Directory (tenant) ID
- OpenID Connect metadata document
2. Configure authentication
Authentication
- “ID tokens” ✅
API permissions
- “Grant admin consent” ✅
  - If this is not enabled, any user can deny consent and then be unable to sign in.
3. Generate Application secret
Certificates & Secrets
- Select “New client secret”
- Description: KPA EHS
- Expires: 24 months
  - Ideally, this would be the maximum allowed. SSO will stop working once this expires.
- Copy the Value column to use for our Application (client) Secret Value.
  - The Secret ID column is for your own reference.
4. Configure branding
- Name: KPA EHS
- Logo: https://s3.amazonaws.com/common.kpaehs.com/sso/kpa-ehs-logo.png
Complete
The app registration should be complete.
With this we can test and enable SSO through the SSO Administration page.
Contact support if you have any questions.
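
A consistency check for the four values collected in steps 1 and 3, as an added example that is not part of KPA's own tooling. It catches the usual copy mistakes: the Secret ID pasted instead of the Value column, or a metadata document URL from a different tenant. The function name and all sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_sso_values(client_id, tenant_id, metadata_url, secret_value):
    """Return a list of problems with the four collected values (empty = OK)."""
    problems = []
    if not GUID.match(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not GUID.match(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    elif client_id.lower() == tenant_id.lower():
        problems.append("client ID and tenant ID are identical")
    url = urlparse(metadata_url)
    if url.scheme != "https":
        problems.append("metadata document URL must use https")
    if not url.path.endswith("/.well-known/openid-configuration"):
        problems.append("metadata URL is not an OpenID Connect discovery document")
    elif tenant_id.lower() not in url.path.lower():
        problems.append("metadata URL does not contain this tenant ID")
    secret = secret_value.strip()
    if not secret:
        problems.append("secret value is empty")
    elif GUID.match(secret):
        # Assumption: the Secret ID column is a GUID and the Value column is not.
        problems.append("secret looks like the Secret ID, not the Value column")
    return problems

# Constructed sample values, not real identifiers.
CLIENT = "11111111-2222-3333-4444-555555555555"
TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
URL = f"https://login.microsoftonline.com/{TENANT}/v2.0/.well-known/openid-configuration"
SECRET = "constructed-placeholder-value"

if __name__ == "__main__":
    found = check_sso_values(CLIENT, TENANT, URL, SECRET)
    for line in found or ["all four values look consistent"]:
        print(line)
```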