Guides

Azure

Enabling SSO with Azure OIDC is based on the Microsoft documentation here.

Suggest Edits

Follow these 3 Steps

  1. Create an App Registration
  2. Configure Authentication Settings
  3. Enable OIDC in Prelude

1. Create an App Registration

  1. Navigate to the App registrations section in the Azure Portal.
  2. Select "+ New registration" toward the top of the page.
  3. Enter a name for your application
  4. Choose Single tenant as the supported account type (Accounts in this organizational directory only). Click Register.
  5. Leave Redirect URI (optional) as it is for now and click Register
  6. After registration:
    1. Copy/Save the Application (client) ID and Directory (tenant) ID from the app's Overview page.
  7. In the left menu, expand the Manage section and select Certificates & secrets and create a new Client Secret:
    1. Click New client secret, enter a description, and set an expiration period.
    2. Copy/Save the generated Client Secret Value (you won’t be able to view it later).

The following information are need to be documented/saved for later.

  • APP ID (Application (client) ID) from step 6
  • TENANT ID (Directory (tenant) ID) from step 6
  • APP SECRET (Client Secret Value) from step 7

note: if you use an existing app with "API Permissions" you must ensure that any required Admin Grant's are approved. If you have not configured any API Permissions, this is not required

2. Configure Authentication Settings

  1. Navigate to your App in the App registrations section of the Azure Portal.
  2. In the left menu, expand the Manage section and select Authentication
  3. Under Platform configurations select "+ Add a platform"
    1. Select "Web" in the "Configure Platforms" slide-out
    2. Enter the appropriate Redirect URI of the application:
      1. US1: https://api.us1.preludesecurity.com/iam/account/login
      2. EU1: https://api.eu1.preludesecurity.com/iam/account/login
    3. Enter the appropriate Front-channel logout URL:
      1. US1: https://platform.us1.preludesecurity.com/sign-out
      2. EU1: https://platform.eu1.preludesecurity.com/sign-out
  4. Ensure "ID Tokens" is selected
  5. Click Configure
  6. Optional: Back in Authentication
    1. Enable: Allow public client flows
    2. Click Save

3. Enable OIDC in Prelude

  1. In the Prelude UI, click your name/id in the top right corner, then select Account Settings then OpenID Connect Settings
    1. or select the appropriate link
    2. US1: https://platform.us1.preludesecurity.com/account/oidc
    3. EU1: https://platform.eu1.preludesecurity.com/account/oidc
  2. Enter the OIDC Information
    1. Organizational Slug: You can change this to be something indicative of your organization
    2. Provider: Azure
    3. Client ID: APP ID recorded in step 1 (Create an App Registration)
    4. Client Secret: Client Secret recorded in step 1 (Create an App Registration)
    5. Configuration URL:
      1. https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration
      2. replace {TENANT_ID} with TENANT ID recorded in step 1 (Create an App Registration).
    6. Click Save

Updated 11 days ago