1 of 1

Microsoft Azure

This document describes how to integrate Microsoft Azure using OpenID Connect with Naviga ID.

Prerequisites

The following steps in this document requires that you have a working Active Directory within Microsoft Azure. It can be a federation with a local Active Directory or your main Active Directory. Read more about how to Deploying Active Directory Federation Services in Azure https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/how-to-connect-fed-azure-adfs

Login to https://portal.azure.com/ and click on Azure Active Directory and the on App registrations (Preview)
Click on New registration
- Name: <Your choice of name> Proposal: Naviga Login
- Supported account types: Accounts in this organizational directory only (Standardkatalog)
- Redirect URI (optional): Web / https://imas.imid.infomaker.io
Go to Authentication within your new created app and then following URLs under Redirect URIs as Web types (organization name will be provide to you by Infomaker/Newscycle):
https://imas.stage.imid.infomaker.io/v1/org/<OrganizationName>/login-callback
https://imas.imid.infomaker.io/v1/org/<OrganizationName>/login-callback
Go to API permissions and enable the following:
- openid
- email
- offline_access
- profile

You can read more about user permissions and OpenId in the Azure documentation.

Go to Certificates & secrets and add a new Client secret
- Description: client_secret
- Expires: Your choice. But remember that you need to provide Naviga with a new Client Secret before the expiry date runs out otherwise your users will not be able to login with Naviga ID after the expiry date.
Go to Manifest and replace the following items:

"groupMembershipClaims": "All"

This will include user groups in tokens

"optionalClaims": {
    "idToken": [
        {
            "name": "given_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "family_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "accessToken": [],
    "saml2Token": []
},

This will include given name and last name in tokens

You are now done with configuration

Add permissions for Naviga ID to read group names

By default, Azure AD only provides group IDs in the token and in order for Naviga ID to fetch the names of those groups, additional configuration is required.

Under API permissions add the following delegated permission:

GroupMember.Read.All

This allows Naviga ID to list groups, read basic group properties and read membership of all groups the signed-in user has access to.

Gather The Required Information and Speak With Your Naviga Contact

The infomartion needed by Naviga to complete the integration

Application (client) ID for you app Example: 582fca63-a083-41f2-b8d2-0d35e3acf16f
Client secret for your app
The URL for OpenID Connect metadata document Example: https://login.microsoftonline.com/b77b73ba-4156-4e43-940b-aa34693839db/v2.0/.well-known/openid-configuration
Create at least two accounts for Naviga. One for a regular user and one for a admin user (example naviga.user@company.com and naviga.admin@company.com). This users should also be assigned to groups within Azure AD

Microsoft Azure

This document describes how to integrate Microsoft Azure using OpenID Connect with Naviga ID.

Prerequisites

Login to https://portal.azure.com/ and click on Azure Active Directory and the on App registrations (Preview)
Click on New registration
- Name: <Your choice of name> Proposal: Naviga Login
- Supported account types: Accounts in this organizational directory only (Standardkatalog)
- Redirect URI (optional): Web / https://imas.imid.infomaker.io
Go to Authentication within your new created app and then following URLs under Redirect URIs as Web types (organization name will be provide to you by Infomaker/Newscycle):
https://imas.stage.imid.infomaker.io/v1/org/<OrganizationName>/login-callback
https://imas.imid.infomaker.io/v1/org/<OrganizationName>/login-callback
Go to API permissions and enable the following:
- openid
- email
- offline_access
- profile

You can read more about user permissions and OpenId in the Azure documentation.

Go to Certificates & secrets and add a new Client secret
- Description: client_secret
- Expires: Your choice. But remember that you need to provide Naviga with a new Client Secret before the expiry date runs out otherwise your users will not be able to login with Naviga ID after the expiry date.
Copy the Value and keep it in a safe place. The value will be gone after you leave that page.
Go to Manifest and replace the following items:

"groupMembershipClaims": "All"

This will include user groups in tokens

"optionalClaims": {
    "idToken": [
        {
            "name": "given_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        },
        {
            "name": "family_name",
            "source": null,
            "essential": false,
            "additionalProperties": []
        }
    ],
    "accessToken": [],
    "saml2Token": []
},

This will include given name and last name in tokens

You are now done with configuration

Add permissions for Naviga ID to read group names

By default, Azure AD only provides group IDs in the token and in order for Naviga ID to fetch the names of those groups, additional configuration is required.

Under API permissions add the following delegated permission:

GroupMember.Read.All

This allows Naviga ID to list groups, read basic group properties and read membership of all groups the signed-in user has access to.

Gather The Required Information and Speak With Your Naviga Contact

The infomartion needed by Naviga to complete the integration

Application (client) ID for you app Example: 582fca63-a083-41f2-b8d2-0d35e3acf16f
Client secret for your app
The URL for OpenID Connect metadata document Example: https://login.microsoftonline.com/b77b73ba-4156-4e43-940b-aa34693839db/v2.0/.well-known/openid-configuration
Create at least two accounts for Naviga. One for a regular user and one for a admin user (example naviga.user@company.com and naviga.admin@company.com). This users should also be assigned to groups within Azure AD

Microsoft Azure

Prerequisites

Setting up an Azure Active Directory app to work with Naviga Login

Add permissions for Naviga ID to read group names

Gather The Required Information and Speak With Your Naviga Contact

Microsoft Azure

Prerequisites

Setting up an Azure Active Directory app to work with Naviga Login

Add permissions for Naviga ID to read group names

Gather The Required Information and Speak With Your Naviga Contact