MS Azure SSO app setup
This article explains how to set up an Azure app for the Sitelok Azure SSO plugin.
Prerequisites:
- You are already using Microsoft 365 to handle your email, log in to the MS Office suite and/or you are using Azure AD as an ID provider (which is already the case if you are using Microsoft 365)
- Your website uses SSL and the internet address starts with https://
- You will need the Redirect URI from the Sitelok Azure SSO plugin
Creating an Azure App
You will be creating an app in Azure to enable SSO (Single Sign On) between Microsoft and your Website.
Step 1: Registering the Azure app
1. Log in at https://portal.azure.com as a Global Administrator.
2. Navigate to Azure Active Directory.
3. Navigate to App registrations in your directory
4. Click + New registration
5. Choose a name for your new app. Please note: the user will see this when they log in. You can use your company’s naming convention if there is one.
6. Scroll down to ‘Supported account types’ and choose Accounts in this organizational directory only. This ensures only users with an @yourdomain.com account will be able to use the app.
7. Scroll down to ‘Redirect URI’ and select Web from the platform dropdown list and enter the Redirect URI: https://www.yourdomain.com/slpw/plugin_sociallogin/microsoftredirect.php
8. Click Register.
Step 2: Certificates and secrets
1. Go to Certificates and secrets
2. Click + New client secret
3. Add a description (use your company’s naming convention if there is one) and choose an expiry time. Please note: when the client secret expires, SSO will stop working. In that case, create a new secret and use it in the plugin. Microsoft removed the portal’s ‘Never Expire’ option for client secret expiry in April 2021. Client secrets with long expiration lifetimes pose a security risk.
4. Copy the Secret value now as it will become unreadable later. Paste it in a temporary document for use later.
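Added example (not part of the Sitelok plugin or the original article): a Python audit of the choices made in Steps 1 and 2, run over the JSON printed by az ad app show --id <Application ID>. The sample registration is constructed, and the 30-day warning window and 730-day maximum lifetime are assumed policy values, not Microsoft or Sitelok defaults.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, trimmed to the fields checked below. Field names follow the
# Microsoft Graph application object that `az ad app show` returns.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": [
    "https://www.yourdomain.com/slpw/plugin_sociallogin/microsoftredirect.php",
    "http://www.yourdomain.com/slpw/plugin_sociallogin/microsoftredirect.php"]},
  "passwordCredentials": [
    {"displayName": "sso-2023", "startDateTime": "2023-01-10T00:00:00Z", "endDateTime": "2024-01-10T00:00:00Z"},
    {"displayName": "sso-long", "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2029-01-01T00:00:00Z"}]
}""")

def _ts(value):
    # Keep only the seconds-resolution part so fractional seconds and "Z" both parse.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_app(app, now, warn_days=30, max_lifetime_days=730):
    """Return findings for one app registration (thresholds are assumed policy values)."""
    findings = []
    # Step 1.6: "Accounts in this organizational directory only" is AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: not single-tenant (%s)" % app.get("signInAudience"))
    # Prerequisite and step 1.7: the redirect URI must be an https:// address.
    for uri in (app.get("web") or {}).get("redirectUris") or []:
        if not uri.lower().startswith("https://"):
            findings.append("redirect: not https: " + uri)
    for cred in app.get("passwordCredentials") or []:
        name = cred.get("displayName") or "(unnamed)"
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        if end <= now:
            findings.append("secret %s: expired" % name)
        elif end - now <= timedelta(days=warn_days):
            findings.append("secret %s: expires in %d days" % (name, (end - now).days))
        # Step 2.3: long-lived client secrets are a security risk.
        if end - start > timedelta(days=max_lifetime_days):
            findings.append("secret %s: lifetime %d days exceeds policy" % (name, (end - start).days))
    return findings

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, datetime.now(timezone.utc)):
        print(finding)
```

Running this on a schedule gives advance notice before an expiring secret stops SSO from working.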
Step 3: the ID codes
To set up the plugin you will need the following codes from the app:
1. Secret Value (paste from your clipboard or copy it from the temporary document)
2. Directory (Tenant) ID
3. Application ID