Azure AD configuration and technical details

<< Click to Display Table of Contents >>

Navigation:  Welcome to the Bizagi Modeler 3.7 and Modeler Services documentation > Getting started > Joining the Modeler community  > Signing in to Modeler Services > Signing in with a corporate e-mail >

Azure AD configuration and technical details


To integrate your Enterprise subscription with your corporate Azure AD you need to carry out the configuration steps as described in this section.

Note that these are done only once, typically by an admin user of your Enterprise plan  having access to your Azure AD.


What you need to do

An outline describing the configuration needed to sign in with Azure AD considers these steps:


1. Register an authorized application to be used solely by Modeler Services.

2. Communicate to Bizagi for next steps.



Follow the steps presented to integrate your Azure AD:


1. Register an authorized application.

This step is done directly at your Azure portal by doing:


1.1 Sign in to Azure's portal at




1.2. Go into your Active Directory.

Click on Azure Active Directory option at the left panel to add a new application to it.




1.3. Add a new app.

Click the App registrations option and click on New registration located in the ribbon.




1.4. Input the app's basic details:


Give this application a name (can be changed later), select a Supported account Type (Single tenant Recommended) and set


as Redirect URI. Web option must be selected




Click Register. The application might take several minutes to create your new application




1.5 Make sure that the Redirect URI in the newly created app is ok, to do this, click the Redirect URI option of the newly added app.




Make sure is the accounts URL:




Open the Expose API menu,  click on Set Application ID URI




and configure


as your App ID URI




Click Save when done.


Add a new Scope and register the following information:

Scope name: https://accounts-[your_company]

Who can consent: Admins and users




Add the scope.




1.6 Set the Home page URL of the newly created app

To do this, go into the Branding option of the newly added app and set the Home page URL with https://accounts-[your_company] and click Save.




1.7 Set the appropriate permissions

To do this, go into the API permissions option of the newly added app and then, click Add a permission.




Scroll Down until Supported legacy API and select Azure Active Directory Graph.




Select Delegated permissions and set it as is showed in the image:




Click Add permissions to finish.



1.8 Open the Endpoints section of your application:




And copy the Federation metadata document:




This information needs to be delivered to our support team.


2. Communicate with Bizagi for next steps

This step is done by contacting our support team or onboarding manager to share certain information so that the integration is successful.

Communicate to Bizagi the URL of Azure's metadata file employed for this integration.

Note that this URL needs to be publicly-available so that the Bizagi service from the cloud can target it (this file doesn't hold sensitive information).