How do I enable Azure AD 3rd party authentication?
In order to enable Azure AD as a login option for the NordLayer application, you will need to do the following:
1. Log in to your Azure dashboard
2. Click App registrations in the left menu
3. Click New registration
4. In the Name field, enter NordLayer
5. Select your supported account types
6. Click API permissions in the left menu
7. Click Add permission and add the following permissions:
- under Microsoft Graph, select Delegated permissions and mark profile and email;
- under User, select User.Read (Added automatically);
8. Save these permissions, then press Grant admin consent at the bottom of the page to grant admin consent for this directory on behalf of all of your users
9. Click Token configuration. Token type - ID, select claim: email, UPN and save it
10. After saving you will be asked to add an optional claim, check Turn on MIcrosoft Graph email… and click add
11. Double check permissions:
12. Press Authentication in the left menu
13. Select Add platform
14. Choose Web
15. Enter https://auth.nordlayer.com/v1/tokens/oauth/resolution to Redirect URL field
16. At Implicit grant, select Access tokens and ID tokens
17. Click Overview in the left menu
18. Copy Application (client) ID and keep it safe
19. Copy Directory (Tenant) ID and keep it safe
20. Click Certificates & secrets in the right menu
21. Press New client secret
22. In the description field, enter NordLayer
23. In the expiry field, select 24 months.
24. Copy the generated values and keep them somewhere safe as it is displayed only once
Once you have all these three values: Application (client) ID, Directory (Tenant) ID and Generated Client Secret Value, you can head to the Control Panel on our website and navigate to Settings - Login options. By choosing Azure AD you will be prompted to enter those three collected values. Once you submit this information, your organization members will now have the ability to log into the NordLayer application using Azure AD.
Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.