Setup ConnectSecure Identity Provider - Microsoft
Microsoft
Microsoft Azure AD Configuration
Register a new client
Browse to the App registration menu's create dialog to create a new app.
Give the application a name and choose who should be able to log in (Single-Tenant, Multi-Tenant, Personal Accounts, etc.). This setting will also have an impact on how to configure the provider later on in ZITADEL.
Choose "Web" in the redirect URI field and add the URL:
Example redirect URL for the domain:
https://authprod.myconnectsecure.com/ui/login/login/externalidp/callback
Save the Application (client) ID and the Directory (tenant) ID from the detail page separately, as these need to be copied into the ConnectSecure portal.
Add client secret
...
Click on client credentials on the detail page of the application or use the menu "Certificates & secrets".
Click on "+ New client secret", enter a description and an expiry date, and add the secret afterward.
Copy the value of the secret. You will not be able to see the value again after some time.
...
To allow ZITADEL to get the information from the authenticating user, you have to configure what kind of optional claims should be returned in the token.
...
Go to "API permissions" in the side menu
Ensure the permissions include "Microsoft Graph": email, profile, and User.Read
The "Other permissions granted" should include "Microsoft Graph: openid"
...
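The Azure-side steps above can be checked from an exported app object. This is an added example, not code from ConnectSecure or ZITADEL; it assumes the JSON comes from `az ad app show --id <application-id>`, and the function name `audit_app` and the 30-day warning window are hypothetical choices. The openid entry under "Other permissions granted" is a consent grant rather than part of the app object, so it is not checked here.

```python
import json
from datetime import datetime, timezone

# Redirect URL from this page; the GUIDs are Microsoft Graph's delegated-scope IDs.
REDIRECT = "https://authprod.myconnectsecure.com/ui/login/login/externalidp/callback"
GRAPH = "00000003-0000-0000-c000-000000000046"
REQUIRED = {
    "email": "64a6cdd6-aab1-4aaa-94b8-3cc8405e90d0",
    "profile": "14dad69e-099b-42c9-810b-d002981feec1",
    "User.Read": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
}

def audit_app(app, now, warn_days=30):
    findings = []
    if REDIRECT not in (app.get("web") or {}).get("redirectUris", []):
        findings.append("Web redirect URI for ConnectSecure is missing")
    # Only delegated ("Scope") entries on Microsoft Graph count here.
    configured = {
        perm["id"]
        for res in app.get("requiredResourceAccess", [])
        if res.get("resourceAppId") == GRAPH
        for perm in res.get("resourceAccess", [])
        if perm.get("type") == "Scope"
    }
    for name, scope_id in REQUIRED.items():
        if scope_id not in configured:
            findings.append(f"Microsoft Graph permission not configured: {name}")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:
        # Drop fractional seconds so every Python 3 version parses the timestamp.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        label = cred.get("displayName") or cred.get("keyId")
        if days < 0:
            findings.append(f"client secret '{label}' has expired")
        elif days <= warn_days:
            findings.append(f"client secret '{label}' expires in {days} days")
    return findings

# Constructed sample, shaped like `az ad app show` output.
SAMPLE = json.loads("""{
  "web": {"redirectUris": ["https://authprod.myconnectsecure.com/ui/login/login/externalidp/callback"]},
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000046",
    "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}],
  "passwordCredentials": [{"displayName": "connectsecure-idp", "endDateTime": "2025-01-11T00:00:00Z"}]
}""")
if __name__ == "__main__":
    print("\n".join(audit_app(SAMPLE, datetime(2025, 1, 1, tzinfo=timezone.utc))))
```

An empty result means the redirect URI, the three configured Graph permissions and the secret lifetime all match what the steps above set up.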
To Add an Identity Provider in Your ConnectSecure Instance.
Log in to the ConnectSecure portal and click on Profile.
...
Click on the Company Logo.
...
Navigate to the Settings.
Modify your login policy in the menu Login Behavior and Security.
Enable the attribute External IDP allowed.
...
Go to the Settings page of your instance or organization and choose "Identity Providers".
In the table, you can see all the providers you have configured. Also, you will see all provider templates that are available to be configured.
...
The Microsoft template has everything you need preconfigured. You only have to add the client ID and secret you created in the previous step.
You can configure the following settings if you like; a useful default will be filled if you don't change anything:
...
Once the details are filled in and options are selected, click on Create.
...
Under the Identity Provider table, select the created record and click on set as available.
...
Log in to the ConnectSecure Portal and enter the Tenant Name.
Click on Use External Authentication to log in to the portal.
...
Provide all the fields (Given Name, Family Name, Username, E-mail, Phone number, Language) and click on Register to create a user in the ConnectSecure portal.
...