Use the information below to configure Smart APIs by using OAuth 2.0 with Azure Active Directory (AD):
Prerequisites
- Register an application in Azure AD to represent the SaaS application.
Register Smart Completions for SaaS application:
- Log on to the Azure portal with your Microsoft Azure account.
- Select the relevant Azure Active Directory.
- Select App Registrations > New Registration.
- In the Register an application page, enter all the required information.
- Add these URLs as Redirect URIs: https://<siteURL>/SAML/SAMLService.aspx, https://<siteURL>/login.aspx
- Once you have registered the Smart API application:
  - Open Expose an API > Application ID URI and then click Set.
  - Click the + icon to Add a Scope, and enter the required information.
  - Click Add Scope.
  - Get access to the Application ID, Audience API, and Scope API values.
- Update the delivered config file in the SaaS application:
  <add key="okta:UserNameClaim" value="preferred_username" />
  <add key="okta:Issuer" value="{IssuerURL}" />
  <add key="okta:WellKnown" value=".well-known/openid-configuration" />
  <add key="okta:Audience" value="{ApplicationID}" />
- Identify the issuer URL using the metadata document. Copy the metadata document and paste it in the browser.
- Update the delivered saml.config file:
  Service Provider
    Name: Audience Restriction from Azure AD
    Description: Describe the service provider
    AssertionConsumerServiceUrl: path to SAMLService (Do not modify)
    LocalCertificatePassword: password to above cert
  PartnerIdentityProvider (Values from IDP metadata)
    Name: Azure AD Entity ID
    Description: Describe the partner identity provider
    SignAuthnRequest: true
    SingleSignOnServiceUrl: AzureAD Saml SingleSignOnService
    SingleLogoutServiceUrl: AzureAD Saml SingleSignOnService
    PartnerCertificateFile: path to the IDP cert; download it from Azure AD and move it to the SP server
- Replace the IDP value in the database with the Azure EntityID value.