To set up Single Sign-On (SSO) for your web app with different Active Directory (AD) systems, such as Azure AD and Windows ADFS, you will need to provide d2o with specific information and configurations. Here is the information the d2o team needs, depending on which system the client uses, Azure AD or ADFS:
Azure AD:
- Azure AD tenant: Request the Azure AD tenant domain (e.g., yourtenant.onmicrosoft.com) associated with their organization’s Azure AD.
- Application registration: Ask if they have registered your web app as an application in Azure AD and, if so, obtain the Client ID and Client Secret associated with that registration.
Windows ADFS:
- Federation Metadata URL: Ask for the Federation Metadata URL associated with their ADFS server. This URL typically provides the necessary metadata for configuring SSO.
- Certificate information: In some cases, you may need the certificate used for signing SAML tokens in the ADFS configuration.
- Metadata from d2o: d2o will provide the metadata file or URL in case your system requires it.
In both cases, d2o will provide the Redirect URLs, one for production usage and one for testing during the integration phase (these test URLs will be removed once the integration is done). The Redirect URLs determine where Azure AD should redirect users back to your application after authentication. We will send you the Redirect URLs that you will need to configure in your Application Registration.
Other details
You can find more information on how to set up an Azure Active Directory authentication app here:
Configure Azure AD authentication – Azure App Service | Microsoft Learn