Setting up OpenID Connect SSO with Azure AD#

This guide explains how to set up an OpenID Client in Azure AD, for use with Argus OpenID integration.

Instructions#

  1. Log on to https://portal.azure.com with your administrator account

  2. Choose App registrations

  3. Choose New registration

  4. Choose a suitable/descriptive name, e.g. “Argus”. Keep selection for “Single tenant” and “Web”

  5. Go to the new application instance

  6. Copy the client_id from the created application, and send it to mnemonic:

    show screenshot

    azure client ID

  7. Choose Authentication

  8. Enter the Redirect URI as <a https://portal.mnemonic.no/spa/authentication/openid/provider/myprovider/authenticate (where myprovider is provided/agreed with mnemonic).

    show screenshot

    azure client ID

  9. Choose Save

  10. Choose API Permissions

  11. Select User.Read and choose Grant admin consent for <your organization>

When mnemonic has received the client_id and completed configuration in their end, you should be able to test SSO.

User mapping#

The default setup with Argus will use the email claim to identify the user.

Currently, all users must be defined up front in Argus, and configured with the email address that matches the email address returned by Azure in the email claim.

Authorization#

If desirable, you can add authorization of users in Azure AD, before they are redirected back to Argus. This is done by adding users and/or groups to the Users and groups tab in the application instance under Enterprise Applications.

If this is set up, only users added to the application will be able to successfully redirect back to Argus.