Setting up OpenID Connect SSO with Azure AD

This guide explains how to set up an OpenID Client in Azure AD, for use with Argus OpenID integration.

Instructions

1. Log on to https://portal.azure.com with your administrator account
2. Choose App registrations
3. Choose New registration
4. Choose a suitable/descriptive name, e.g. "Argus". Keep selection for "Single tenant" and "Web"
5. Go to the new application instance
6. Copy the client_id from the created application, and send it to mnemonic: ??? note "show screenshot"
7. Choose Authentication
8. Enter the Redirect URI as https://portal.mnemonic.no/spa/authentication/openid/provider/myprovider/authenticate (where myprovider is provided/agreed with mnemonic). ??? note "show screenshot"
9. Choose Save
10. Choose API Permissions
11. Select User.Read and choose Grant admin consent for <your organization>

When mnemonic has received the client_id and completed configuration in their end, you should be able to test SSO.

User mapping

The default setup with Argus will use the email claim to identify the user.

Currently, all users must be defined up front in Argus, and configured with the email address that matches the email address returned by Azure in the email claim.

Authorization

If desirable, you can add authorization of users in Azure AD, before they are redirected back to Argus. This is done by adding users and/or groups to the Users and groups tab in the application instance under Enterprise Applications.

If this is set up, only users added to the application will be able to successfully redirect back to Argus.