Connect Azure AD
This guide provides a step-by-step walkthrough for integrating Microsoft Azure Active Directory (AD) as an identity provider with Blockbrain Auth, streamlining the registration and login experience.
Last updated
This guide provides a step-by-step walkthrough for integrating Microsoft Azure Active Directory (AD) as an identity provider with Blockbrain Auth, streamlining the registration and login experience.
Last updated
In the Blockbrain Auth system, you can connect an Identity Provider (IdP) like Azure AD to your tenant instance.
You need to have access to an Azure AD Tenant. If you do not yet have one follow this guide from Microsoft to create one for free.
Browse to the App registration menus create dialog to create a new app.
Give the application a name and choose who should be able to login (Single-Tenant, Multi-Tenant, Personal Accounts, etc.) This setting will also have an impact on how to configure the provider later on in Blockbrain Auth.
Choose "Web" in the redirect uri field and add the URL: https://auth.theblockbrain.ai/ui/login/login/externalidp/callback
Save the Application (client) ID and the Directory (tenant) ID from the detail page.
Generate a new client secret to authenticate your user.
Click on client credentials on the detail page of the application or use the menu "Certificates & secrets"
Click on "+ New client secret" and enter a description and an expiry date, add the secret afterwards
Copy the value of the secret and store it in a safe place (Password Manager) for future usage. You will not be able to see the value again in Azure in the future.
If you lose your secret or if the secret is expired, you need to create a new secret again.
To allow Blockbrain Auth to get the information from the authenticating user you have to configure what kind of optional claims should be returned in the token.
Click on Token configuration in the side menu
Click on "+ Add optional claim"
Add email, family_name, given_name and preferred_username to the ID token
To be able to get all the information that Blockbrain Auth needs, you have to configure the correct permissions.
Go to "API permissions" in the side menu
Make sure the permissions include "Microsoft Graph": email, profile and User.Read
OpenID authorization is essential for enabling the OpenID Connect protocol. This protocol is particularly important for managing user logins and issuing ID tokens in applications.
In the context of app registration, 'other permissions' refer to the specific access rights or 'scopes' required by an application. These Scopes determine what data and features the application can access on behalf of the user.
User Consent: On the user's first login, they will be prompted to grant these permissions. This step is crucial for ensuring user agreement and security compliance. Depending on your Organization setup, admin consent might be needed.
After the consent was fulfilled, the permissions will be active and listed in the App Registration - Authentication and signin is now possible, the application has the necessary access rights.
The "Other permissions granted" should include "Microsoft Graph: openid"
