Azure Active Directory

Overview

You can integrate Observo with your Azure Active Directory (Azure AD) to enable Single Sign-On (SSO). The initial step involves registering an application in the Azure portal using the information provided on the Observo SSO page. Following this, you'll need to gather the Application (Client) ID, and Client Secret of that application, utilizing them to configure SSO within Observo. Further details on these procedures are elaborated in the subsequent sections of the document.

Register Azure AD application

To enable users to sign in using Azure AD, it is necessary to register your application within the Azure portal. To understand the process of registering a new application with Azure AD, refer to Register an application with the Microsoft identity platform documentation. Through this procedure, Azure AD will automatically generate an Application (Client) ID for your application; Make sure to save these details.

When configuring your app, make sure to utilize these settings:

  • Under Authentication, select Web as the platform.

  • Configure the redirect URI as: https://{ObservoAuthDomain}/login/callback

  • Create a Client Secret under Certificates & secrets.

ObservoAuthDomain can be found in SSO page of Observo UI.

Create Azure AD Connection

  • Next, proceed to create and set up an Azure AD Connection in Observo by navigating to Settings > Access Management > Single Sign-On > Create SSO.

  • Ensure that you have the followings which were generated during the setup of your application in the Azure portal.

    • Azure AD Domain

    • Application (Client) ID,

    • Client Secret.

  • Use your Azure AD Domain in the Microsoft Azure AD Domain field, your Application (Client) ID in the Client ID field, and your Client Secret in the Client Secret field.

  • You also need specify your organization's domain as Domain Aliases for discovery of your SSO while logging into Observo.

Assign Default Role

Once Azure AD SSO is configured for your organization, the default role assigned will be No Access. To change this default role, follow these steps:

  • Go to Settings > Access Management > Single Sign-On

  • Select on the three dots in right side of your configured SSO

  • Go to Edit Role Mapping and click on the Default User Role to select your preferred role. You will be able to add new roles in the Roles and Permissions section.

PreviousMicrosoft Entra ID OnPrem (SAML)NextOverview

Last updated

Was this helpful?