Using Microsoft Azure Active Directory as the SSO Provider for AchieveIt
This article will guide you through the requirements for allowing your users to log in to AchieveIt through your organization’s Azure Active Directory (Azure AD) instance.
TL;DR – A Quick Summary
- Add a new app registration in Azure AD, enter AchieveIt as the name for the application, and enter https://achieve-it.auth0.com/login/callback as the Redirect URI.
- Create a new client secret. Save it for the next step.
- Client secrets output a value and an ID. AchieveIt needs the value of the secret.
- Send AchieveIt your Azure AD domain, Application (client) ID, and client secret value. We will configure the connection using the information you provide.
- Once we’ve completed the configuration, your team must test it to ensure you can log in to AchieveIt with SSO credentials.
For all the details, see below.
Adding AchieveIt to Azure AD
- Create a new application
Log in to the Microsoft Azure Portal and choose Azure Active Directory from the sidebar.
Then under MANAGE, select App registrations.
Then click on the + New registration button to add a new application. Enter AchieveIt as the name for the application, select Web as Redirect URI type, and enter https://achieve-it.auth0.com/login/callback as Redirect URI. Register the application.
- Configure the permissions
Once the app registration has been created, you may have to configure permissions. Inside the App registration blade, navigate to API permissions. Ensure the app has the User.Read permission. This is the default and should already be granted.
- Create the client secret
Click on Certificates & secrets from the App registration blade. Click + New client secret. Enter a name and choose the desired duration.
If you choose an expiring secret, make sure to record the expiration date in your calendar, as you will need to renew the secret before that day in order to ensure users don't experience a service interruption.
Click on Add and the client secret will be displayed. Make sure to copy this value before leaving this screen, otherwise you may need to create a new one.
- Send AchieveIt your Azure AD domain, Application (client) ID, and client secret value
Send AchieveIt your Azure AD domain, Application (client) ID, and client secret value. We will configure the connection using the information you provide.
- AchieveIt Configuration
AchieveIt will configure the connection using the information you provide. After we contact you to let you know the configuration is complete, the final step is for your team to test the configuration and ensure you can log in to AchieveIt with SSO credentials.
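
The calendar reminder suggested in the "Create the client secret" step can be backed by a scripted check. The following is an added example, not AchieveIt's or Microsoft's code: it reads the JSON printed by `az ad app credential list --id <Application (client) ID>` and flags secrets that are expired or close to expiry. The sample data, the timestamp format, the 30-day threshold and the function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `az ad app credential list` output (metadata only;
# the secret value itself is not returned after creation).
SAMPLE_JSON = """[
  {"displayName": "AchieveIt SSO 2024", "keyId": "00000000-0000-0000-0000-000000000001", "endDateTime": "2025-05-15T00:00:00Z"},
  {"displayName": "AchieveIt SSO 2025", "keyId": "00000000-0000-0000-0000-000000000002", "endDateTime": "2025-06-20T08:30:00.1234567Z"},
  {"displayName": "AchieveIt SSO 2026", "keyId": "00000000-0000-0000-0000-000000000003", "endDateTime": "2026-06-01T00:00:00Z"}
]"""


def parse_utc(value):
    """Parse a UTC timestamp with a trailing Z and 0-7 fractional digits (assumed format)."""
    base, _, frac = value.rstrip("Z").partition(".")
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    micro = int((frac + "000000")[:6]) if frac else 0  # datetime keeps at most 6 digits
    return parsed.replace(microsecond=micro, tzinfo=timezone.utc)


def expiring_secrets(credentials, now, warn_days=30):
    """Return (status, days_left, displayName, keyId) for secrets that need action."""
    findings = []
    for cred in credentials:
        end = cred.get("endDateTime")
        if not end:
            continue  # no expiry recorded; nothing to compare
        expires = parse_utc(end)
        days_left = (expires - now).days
        if expires <= now:
            status = "EXPIRED"      # SSO logins relying on this secret will fail
        elif days_left < warn_days:
            status = "EXPIRING"     # create a replacement secret before this date
        else:
            continue
        findings.append((status, days_left, cred.get("displayName"), cred.get("keyId")))
    return sorted(findings, key=lambda f: f[1])  # most urgent first


if __name__ == "__main__":
    # Fixed date so the constructed sample gives reproducible output.
    today = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for status, days, name, key_id in expiring_secrets(json.loads(SAMPLE_JSON), today):
        print(f"{status:9} {days:4d} days  {name}  ({key_id})")
```

In real use, replace `SAMPLE_JSON` with the command's output and `today` with `datetime.now(timezone.utc)`.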