Azure Cloud Set-Up
In order to set up Single Sign-On with Microsoft Azure Active Directory, you will need to have your on-premises Active Directory users synced with Azure. A subscription to Office365 provides you with an Azure AD cloud instance that you can use to administer your user accounts. You can also use the tool below to synchronise your on-premises AD accounts to your Azure cloud instance:
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-aadconnect/#install-azure-ad-connect
Note: If your on-premises domain is non-routable (such as a .local domain), you'll need to convert it to a verified domain (for example, billa@contoso.com) in order to sync properly with Azure Active Directory (Office365).
Once you have your accounts in Azure AD, you can use these accounts to log into OpenAsset Cloud using the OAuth 2.0 SSO integration.
1. Log into https://portal.azure.com
2. On the left-hand menu select 'Azure Active Directory'
3. Now select 'App Registrations'
4. Click 'New Registration' to create a new application. You can set the name as “OpenAsset” and enter the Redirect URL as Web with the URI as https://{hostname}.openasset.com/OAuth [Make sure to replace “{hostname}” with the hostname from your OpenAsset Cloud URL]
The app OpenAsset will be created. Make a note of the Application ID.
5. Next, click on Certificates & secrets and create a new Client secret with any Description and select an expiry date. We recommend choosing the '24 months' option.
When you click Add, the Key Value will be displayed. MAKE A NOTE OF THIS VALUE AS IT WILL NOT BE DISPLAYED AGAIN ONCE YOU NAVIGATE AWAY.
Once you have made a note of the key value and expiry date, go back to App Registrations and click on Endpoints.
You want to make note of the following bits of information:
OAuth 2.0 Token Endpoint (v1)
OAuth 2.0 Authorization Endpoint (v1)
Microsoft Graph API Endpoint
The setup on the Azure side is now complete and you should have 5 bits of information:
OAuth 2.0 Token Endpoint
OAuth 2.0 Authorization Endpoint
Microsoft Graph API Endpoint
The Application ID
Key Value and Expiry Date
Send these 5 bits of information back to the OpenAsset Support Team and we can then set up the connection to Azure on the OpenAsset side.
Once this is set up, your Support Engineer will be in contact to talk you through the process of signing on.
Note: if you are unable to access OpenAsset through the 'My Apps' page in Microsoft Azure, you may need to update the 'Home Page URL' within the 'Branding' settings so that it points to your OpenAsset system, e.g. '[name].openasset.com'. Contact our Support Team if you have any questions about this configuration process.
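The following is an added example, not part of the original guide or of OpenAsset's own tooling: a short Python check you can run over the five values collected above to catch common copy mistakes, such as a v2.0 endpoint in place of the v1 one or the secret's ID in place of its Value. The dictionary keys and sample values are constructed for illustration, and the check assumes the usual v1 path forms .../{tenant}/oauth2/token and .../{tenant}/oauth2/authorize.

```python
import re
from datetime import date
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def _tenant(url, v1_suffix):
    """Return the tenant path segment of an https v1 endpoint, else None."""
    u = urlparse(url)
    parts = u.path.strip("/").split("/")
    if u.scheme != "https" or "/".join(parts[1:]) != v1_suffix:
        return None  # wrong scheme, or a v2.0 / unrelated path
    return parts[0]

def check_handoff(v, today):
    """Return a list of problems in the five collected values (empty = OK)."""
    problems = []
    tok = _tenant(v["token_endpoint"], "oauth2/token")
    auth = _tenant(v["authorization_endpoint"], "oauth2/authorize")
    if tok is None:
        problems.append("token endpoint is not an https v1 URL")
    if auth is None:
        problems.append("authorization endpoint is not an https v1 URL")
    if tok and auth and tok.lower() != auth.lower():
        problems.append("the two endpoints name different tenants")
    if urlparse(v["graph_endpoint"]).scheme != "https":
        problems.append("Graph API endpoint is not an https URL")
    if not GUID.match(v["application_id"]):
        problems.append("Application ID is not a GUID")
    key = v["key_value"].strip()
    if not key:
        problems.append("Key Value is empty")
    elif GUID.match(key):  # a secret's ID is a GUID; its Value is not
        problems.append("Key Value looks like the secret's ID, not its Value")
    if v["key_expiry"] <= today:
        problems.append("client secret has already expired")
    return problems

# Constructed sample values, not real identifiers or secrets.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/token",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize",
    "graph_endpoint": "https://graph.microsoft.com",
    "application_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "key_value": "constructed-not-a-real-secret",
    "key_expiry": date(2030, 1, 1),
}
print(check_handoff(SAMPLE, date.today()) or "all five values look consistent")
```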