How do I enable Azure AD 3rd party authentication?
Important note: We are currently migrating Azure authentication from Azure Active Directory Graph to Microsoft Graph. The implementation will be ready in January of 2022. Existing customers with functional Azure SSO won't be affected by this migration. New customers will be unable to set up Azure SSO using this guide until early Jan 2022.
In order to enable Azure AD as a login option for the NordLayer application, you will need to do the following:
1. Log in to your Azure dashboard
2. Click App registrations in the left menu
3. Click New registration
4. In the Name field, enter NordLayer
5. Select your supported account types
6. In the platform configuration field, select Web API
7. Click API permissions in the right menu
8. Click Add permission and add the following permissions:
- under Azure Active Directory Graph, select Delegated permissions;
- under User, select User.Read;
- under Microsoft Graph, select Delegated permissions.
9. Save these permissions, then press Grant admin consent at the bottom of the page to grant admin consent for this directory on behalf of all of your users
10. Click Authentication in the right menu
11. Click Add platform
12. Select Web
13. Enter https://auth.nordlayer.com/v1/tokens/oauth/resolution in the Redirect URI field
14. Under Implicit grant, select Access tokens and ID tokens
15. Click Overview in the right menu
16. Copy Application (client) ID and keep it safe
17. Copy Directory (Tenant) ID and keep it safe
18. Click Certificates & secrets in the right menu
19. Press New client secret
20. In the description field, enter NordLayer
21. In the expiry field, select 24 months.
22. Copy the generated values and keep them safe, as they are visible only once.
Once you have all three values (Application (client) ID, Directory (Tenant) ID and the generated Client Secret Value), head to the Control Panel on our website and navigate to Settings - Login options. When you choose Azure AD, you will be prompted to enter the three collected values. Once you submit this information, your organization members will be able to log in to the NordLayer application using Azure AD.
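To confirm that the finished registration matches the steps above, the following added example (not NordLayer's own code) audits the registration's JSON for the redirect URI from step 13, the implicit grant options from step 14 and the client secret's expiry date. It assumes the registration has been exported in the Microsoft Graph application format; the sample data, the function name audit_registration and the 60-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Redirect URI from step 13 of this guide.
EXPECTED_REDIRECT = "https://auth.nordlayer.com/v1/tokens/oauth/resolution"

# Constructed sample in the Microsoft Graph `application` shape (not real data).
SAMPLE_APP = json.loads("""
{
  "web": {
    "redirectUris": ["https://auth.nordlayer.com/v1/tokens/oauth/resolution",
                     "http://localhost:8080/callback"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                              "enableIdTokenIssuance": false}
  },
  "passwordCredentials": [
    {"displayName": "NordLayer", "endDateTime": "2024-01-10T00:00:00Z"}]
}
""")

def audit_registration(app, now, warn_days=60):
    """Return findings where the registration deviates from the guide."""
    findings = []
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if EXPECTED_REDIRECT not in uris:
        findings.append("missing-redirect-uri")
    # Any extra reply URL is another place tokens can be delivered.
    findings += [f"unexpected-redirect-uri:{u}" for u in uris if u != EXPECTED_REDIRECT]
    grants = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):  # step 14
        if not grants.get(flag):
            findings.append(f"implicit-grant-off:{flag}")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no-client-secret")
    for s in secrets:  # step 21: the secret expires, so track its end date
        end = datetime.fromisoformat(s["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        name = s.get("displayName") or "unnamed"
        if days_left < 0:
            findings.append(f"secret-expired:{name}")
        elif days_left <= warn_days:
            findings.append(f"secret-expiring:{name}:{days_left}d")
    return findings

if __name__ == "__main__":
    print(audit_registration(SAMPLE_APP, datetime.now(timezone.utc)))
```

An expired client secret stops Azure AD logins until a new value is entered in the Control Panel, so running a check like this on a schedule gives advance notice before the expiry date.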
Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.