Azure AD configuration and technical details


Overview

To integrate your Customer Portal with your corporate Azure AD, carry out the configuration steps described in this section.

Note that these steps are done only once, typically by an admin user of your Customer Portal who has access to your Azure AD.

 

Once you have carried out these steps, users sign in to any cloud-based service directly via your Azure AD, as described at Signing in to the Customer Portal.

 

Before you start

The Customer Portal and cloud-based services support Azure AD using the WS-Federation protocol. Other protocols are not supported.

 

What you need to do

The configuration needed to sign in with Azure AD consists of these steps:

1. Create company users

2. Register an authorized application to be used solely by the Customer Portal or any other cloud-based service

3. Communicate with Bizagi for the next steps

 

Configuration

After you've created the company users, follow these steps to integrate your Azure AD:

Register an authorized application.

This step is done directly in your Azure portal, as follows:

 

Sign in to Azure's portal at https://portal.azure.com.

 


 

Go into your Active Directory.

Click the Azure Active Directory option in the left panel to add a new application to it.

 


 

Add a new app.

Click the App registrations option and click New registration in the ribbon.

 


 

Input the app's basic details:

Give this application a name (it can be changed later), select a Supported account type (Single-tenant is recommended), and set

https://accounts-[your_company].bizagi.com

as the Redirect URI. The Web option must be selected.

 


 

Click Register. It might take several minutes to create your new application.

 


 

Make sure that the Redirect URI in the newly created app is correct. To do this, click the Redirect URI option of the newly added app.

Make sure it is the accounts URL, https://accounts-[your_company].bizagi.com.

 

Open the Expose API menu, click Set Application ID URI, and configure

https://accounts-[your_company].bizagi.com

as your App ID URI.

 

Click Save when done.

 

Add a new Scope and register the following information:

Scope name: https://accounts-[your_company].bizagi.com

Who can consent: Admins and users

 


 

Add the scope.

 


 

Set the Home page URL of the newly created app.

To do this, go into the Branding option of the newly added app, set the Home page URL to https://accounts-[your_company].bizagi.com, and click Save.

 


 

Set the appropriate permissions.

To do this, go into the API permissions option of the newly added app and then click Add permission.

 


 

Scroll down to Supported legacy API and select Azure Active Directory Graph.

 


 

Select Delegated permissions and set them as shown in the image:

 

AzureAD_portal12

 

Click Add permissions to finish.

 

Open the Endpoints section of your application and copy the Federation metadata document.

 

This information needs to be delivered to our support team.

 

Communicate with Bizagi for next steps

This step is done by contacting our support team or onboarding manager to share the information needed for the integration to succeed.

Send Bizagi the URL of the Azure metadata file used for this integration.

Note that this URL needs to be publicly available so that the Bizagi cloud service can reach it (this file doesn't hold sensitive information).
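
Before sending the metadata URL, you can check what the Federation metadata document actually publishes: the issuer, the WS-Federation sign-in endpoint and the public signing certificates. The following is an added example, not part of Bizagi's documentation or code; the function names, the all-zero tenant ID and the placeholder certificate bytes are assumptions made for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing"}

# Constructed sample: all-zero tenant ID and placeholder bytes, not a real certificate.
PLACEHOLDER_CERT = b"constructed placeholder, not a real certificate"
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <RoleDescriptor xmlns:fed="{NS['fed']}" xsi:type="fed:SecurityTokenServiceType"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{base64.b64encode(PLACEHOLDER_CERT).decode()}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint><EndpointReference xmlns="{NS['wsa']}">
      <Address>https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/wsfed</Address>
    </EndpointReference></fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""

def fingerprint(der_bytes):
    """SHA-256 of the decoded certificate bytes, for comparison with a pinned value."""
    return hashlib.sha256(der_bytes).hexdigest()

def summarize_metadata(xml_text):
    """Return issuer, WS-Federation sign-in endpoint and signing-cert fingerprints."""
    # Metadata needs no DTD; refusing one avoids entity-expansion tricks in the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("not a federation metadata document")
    addr = root.find(".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    endpoint = (addr.text or "").strip() if addr is not None else ""
    if not endpoint.startswith("https://"):
        raise ValueError("missing or non-HTTPS passive requestor endpoint")
    certs = root.findall(
        ".//md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not certs:
        raise ValueError("no signing certificate published")
    return {"entity_id": root.get("entityID"),
            "passive_endpoint": endpoint,
            "signing_cert_sha256": [fingerprint(base64.b64decode(c.text.strip())) for c in certs]}

if __name__ == "__main__":
    print(summarize_metadata(SAMPLE))
```

Run it against the document saved from your own tenant and confirm that the entity ID contains your tenant ID; recording the fingerprints lets you notice later when the signing certificates roll over.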