Configure Microsoft Azure AD for use in N-central

Save the following values as you work through this procedure. You need them later when you configure SSO in N-central:

  • Application (client) ID

  • Directory (tenant) ID

  • Client secret

Microsoft recommends Certificate in Azure Key Vault as the preferred authentication type. See Key Vault Overview for more information.

To configure Microsoft Azure AD for use in N-central

  1. Log in to your Microsoft Azure Account.

  2. Go to Azure Active Directory.

  3. Click Add and select App registration.

  4. Enter a name for the application and click Register.

    You can also register a Multi-tenant app if you have customers that log in with SSO. If you are registering a Multi-tenant app, you need to have an MPN ID.

  5. Save the following values. You will need them to configure SSO in N-central:

    • Application (client) ID

    • Directory (tenant) ID

  6. Click Add a certificate or secret.

  7. If you want to add a certificate in Azure Key Vault (recommended), do the following:

    Click New client secret, enter a name or description for the secret and click Add.

    You must reissue a client secret before it expires.

  8. Save the client secret value.

    You will need the secret value later if you choose to use it for authentication in N-central. See Configure Microsoft Azure AD as an IDP in N-central.

  9. Go to Authentication, click Add a platform, and then click Web.

  10. Enter your N-central redirect URLs and click Configure. Use the following formats for your redirects:

    https://YourN-central-URL-Here/azureSignInLoginAction.action

    https://YourN-central-URL-Here/dms/rest/user/ssoLogout

  11. If you created a Multi-tenant app, you need to enter your MPN ID. Go to Branding & Properties and click Add MPN ID to verify publisher.

You must provide consent for the application to access your organization's data in Microsoft Azure AD.

  1. Go to API permissions > Add a permission > Microsoft Graph.

  2. Click Application permissions, find Directory and select the following options:

    • Directory.Read.All

  3. Find User.Read and select the following options:

    • User.Read.All

  4. Click Add permissions.

  5. Click Grant admin consent for <app_name>.

Your Azure AD provider is now ready for use in N-central.
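
A post-configuration check, added here as an example and not part of the N-central documentation: it audits a Microsoft Graph application object (loaded as a Python dict) against what this page sets up, namely the two redirect paths, client secret expiry, and the two Graph application permissions. The function name, the `ncentral.example.com` host and the sample object are assumptions; the two GUIDs are the Microsoft Graph app role IDs for Directory.Read.All and User.Read.All.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# Application-permission (app role) IDs for the two permissions granted above.
EXPECTED_ROLES = {
    "7ab1d382-f21e-4acd-a863-ba3e13f7da61",  # Directory.Read.All
    "df021288-bdef-4463-88db-98f22de89214",  # User.Read.All
}
EXPECTED_PATHS = {"/azureSignInLoginAction.action", "/dms/rest/user/ssoLogout"}


def audit_app_registration(app, ncentral_host, now, warn_days=30):
    """Return a list of findings for a Graph application object (dict)."""
    findings = []
    # Redirect URIs: HTTPS only, N-central host only, documented paths only.
    for uri in app.get("web", {}).get("redirectUris", []):
        parts = urlsplit(uri)
        if parts.scheme != "https" or parts.hostname != ncentral_host.lower():
            findings.append(f"redirect URI is not https://{ncentral_host}: {uri}")
        elif parts.path not in EXPECTED_PATHS:
            findings.append(f"unexpected redirect path: {uri}")
    # Client secrets: flag expired ones and those inside the warning window.
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; keep whole seconds so older Pythons parse them.
        end = datetime.fromisoformat(cred["endDateTime"][:19]).replace(tzinfo=timezone.utc)
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"client secret expired: {name}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret expires within {warn_days} days: {name}")
    # Permissions: anything beyond the two Graph app roles above is excess.
    for res in app.get("requiredResourceAccess", []):
        for access in res.get("resourceAccess", []):
            if res.get("resourceAppId") != GRAPH_APP_ID or access["id"] not in EXPECTED_ROLES:
                findings.append(f"permission not in this guide: {access['id']}")
    return findings


# Constructed sample application object (not real tenant data; last GUID is made up).
SAMPLE_APP = {
    "web": {"redirectUris": [
        "https://ncentral.example.com/azureSignInLoginAction.action",
        "http://ncentral.example.com/dms/rest/user/ssoLogout"]},
    "passwordCredentials": [
        {"displayName": "ncentral-sso", "endDateTime": "2025-01-15T00:00:00Z"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
        {"id": "11111111-2222-3333-4444-555555555555", "type": "Role"}]}],
}
```

Pass a timezone-aware `now`; an empty list means the registration matches this page.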