Introduction:
This article contains information for IT Administrators setting up their organisation's Microsoft Azure Active Directory service to integrate with FBO One, so that Azure AD manages user accounts and passwords for single sign-on and multi-factor authentication.
Note: If you already have the organisation's AD set up, read this article for configuring FBO One and mapping users.
Required for AD setup:
- Azure Active Directory account and admin access for creating Tenant/App registration.
Contents:
Azure Active Directory setup instructions
Note: FBO One requires the following information from Azure Active Directory to configure the OpenID Directory.
- Application (client) ID: Provided by your AD service
- Directory (tenant) ID: Provided by your AD service
- Authority: e.g. login.microsoftonline.com
Create App registration
- Navigate to ‘Azure Active Directory’ after logging in to portal.azure.com.
New App registration
- Navigate to ‘App registrations’ from the selected Tenant.
- Click ‘New registration’ to create a new application registration for FBO One in the directory.
Note: Ensure the Tenant selected for ‘App registrations’ contains the list of user accounts to be mapped to FBO One user accounts. Use ‘Switch tenant’ to change.
Register an application details
On the ‘Register an application’ screen (after clicking ‘New registration’), add the following details:
- Name: Name of the App; name it ‘FBO One’ (RECOMMENDED).
- Supported account types: Choose either:
  - ‘Accounts in this organizational directory only (Test FBO One only - Single tenant)’ for directory users from a single tenant.
  - ‘Accounts in any organizational directory (Any Azure AD directory - Multitenant)’ for directory users from multiple tenants (RECOMMENDED).
- Redirect URI (optional): Add the following URI, replacing ‘FBOONENAME’ with the name of the FBO One instance:
  - Web: https://FBOONENAME.fbo.one/openid/return
- Click ‘Register’ to register the application.
Add URL - App Authentication
- Navigate to ‘Authentication’ from the ‘FBO One’ App registration.
- Click ‘Add URI’ in the ‘Web’ area.
- Add Redirect URI: "https://FBOONENAME.test.fbo.one/openid/return"
- Click ‘Save’.
Select ‘ID tokens’ for ‘Implicit grant’ - App Authentication
- Navigate to ‘Authentication’ from the ‘FBO One’ App registration.
- Scroll to the ‘Implicit grant’ section and enable ‘ID tokens’. Ensure that ‘Access tokens’ is disabled; FBO One only needs the ID token to sign the user in.
- Click ‘Save’.
Add permissions - API permissions
- Navigate to ‘API permissions’ from the ‘FBO One’ App registration.
- Click ‘Add a permission’ in the ‘Configured permissions’ area.
- Click ‘Microsoft Graph’ in the ‘Request API permissions’ area.
- Choose ‘Delegated permissions’ from the ‘Microsoft Graph’ area.
- Find and select the following permissions:
  - offline_access
  - openid
  - profile
- Click ‘Add permissions’.
Grant admin consent for App - API permissions
- Navigate to ‘API permissions’ from the ‘FBO One’ App registration.
- Click ‘Grant admin consent for FBO One’. Note: if the App was named differently, that name is shown in the button instead.
- Click ‘Yes’ to consent to the admin permission.
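The registration above gives FBO One three values (Application (client) ID, Directory (tenant) ID, Authority), an ID-token-only sign-in and a redirect to /openid/return. The following is an added example, not FBO One's code or anything from the article, showing what a relying party built to this registration does with those values: it forms the sign-in request and then checks that the ID token posted back really belongs to this App registration, tenant and sign-in attempt. The IDs are constructed placeholders, and the example assumes FBO One is pinned to the one Directory (tenant) ID it was given and that the token's signature has already been verified against the tenant's published keys.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Values FBO One needs from the App registration (constructed placeholders, not real IDs).
CONFIG = {
    "client_id": "11111111-1111-1111-1111-111111111111",  # Application (client) ID
    "tenant_id": "22222222-2222-2222-2222-222222222222",  # Directory (tenant) ID
    "authority": "login.microsoftonline.com",             # Authority
    "redirect_uri": "https://FBOONENAME.fbo.one/openid/return",
}

def expected_issuer(cfg):
    """Issuer Azure AD writes into v2.0 ID tokens for the configured Directory (tenant) ID."""
    return f"https://{cfg['authority']}/{cfg['tenant_id']}/v2.0"

def authorize_url(cfg, state, nonce):
    """Sign-in request matching the registration: ID token only, scopes openid/profile/offline_access."""
    params = {"client_id": cfg["client_id"], "response_type": "id_token",
              "response_mode": "form_post", "redirect_uri": cfg["redirect_uri"],
              "scope": "openid profile offline_access", "state": state, "nonce": nonce}
    return f"https://{cfg['authority']}/{cfg['tenant_id']}/oauth2/v2.0/authorize?" + urlencode(params)

def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_id_token_claims(id_token, cfg, nonce, now=None):
    """Claim checks for the token posted back to /openid/return; run only after its RS256
    signature is verified against the tenant JWKS. Returns problems found (empty = accept)."""
    payload = json.loads(_b64url_decode(id_token.split(".")[1]))
    now = int(time.time()) if now is None else now
    problems = []
    if payload.get("iss") != expected_issuer(cfg):
        problems.append("issuer is not the configured tenant")
    if payload.get("aud") != cfg["client_id"]:
        problems.append("audience is not this App registration")
    if payload.get("tid") != cfg["tenant_id"]:
        problems.append("issued by a different tenant")
    if payload.get("nonce") != nonce:
        problems.append("nonce mismatch (replayed or foreign token)")
    if payload.get("exp", 0) <= now:
        problems.append("token expired")
    return problems

def sample_id_token(claims):
    """Constructed fixture (dummy signature) to exercise the claim checks offline; never accept one."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.dummy-signature"
```

A token that passes the signature check but fails any of these claim checks should be rejected and logged, since it was issued for another app, another tenant, or another sign-in attempt.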