Fluent Commerce Logo
Docs
Sign In

Configure Azure AD connection via OIDC

How-to Guide

Author:

Fluent Commerce

Changed on:

26 Oct 2023

Key Points

  • Adding the application to PingOne
  • Registering application with Microsoft
  • Getting the client ID and client secret for the application
  • Setting up API permissions
  • Adding the identity provider in PingOne
  • Adding the Redirect URI to the Microsoft portal
  • Do not forget

Steps

Adding the application to PingOne

Registering application with Microsoft

Step arrow right iconStep 1

Go to Microsoft Azure portal. If one does not have a Microsoft Azure account, they can create one.

Step arrow right iconStep 2

Under Azure services, click Azure Active Directory.

No alt provided

Step arrow right iconStep 3

On the left, click App registrations.

No alt provided

Step arrow right iconStep 4

At the top, click New registration.

No alt provided

Step arrow right iconStep 5

Under Name, enter a user-facing display name for the application.

Step arrow right iconStep 6

Under Supported account types, select any multi-tenant option. In case you need help to choose the option, click Help me choose link.

No alt provided

Step arrow right iconStep 7

Leave Redirect URI blank for now. This value will be required to enter after creation the identity provider in PingOne.

Step arrow right iconStep 8

Click Register.

No alt provided

Getting the client ID and client secret for the application

Step arrow right iconStep 2

Under App registrations, select the application.

Step arrow right iconStep 3

On the left, click Certificates and secrets.

No alt provided

Step arrow right iconStep 4

Under Client secrets, click + New client secret.

No alt provided

Step arrow right iconStep 5

Enter the following:

  • Description. A brief characterization of the client secret.
  • Expires. Select the duration of the certificate, based on the needs of your organization.
No alt provided

Step arrow right iconStep 6

Click Add.

Step arrow right iconStep 7

Under Client secrets, locate the value for the appropriate secret and copy it to a secure location.

No alt provided

Step arrow right iconStep 8

On the left, click Overview.

No alt provided

Step arrow right iconStep 9

Locate the Application (client) ID and copy it to a secure location.

No alt provided

Setting up API permissions

Step arrow right iconStep 2

Under App registrations, select the application.

Step arrow right iconStep 3

On the left, click API permissions.

Step arrow right iconStep 4

Click the + Add a permission button.

No alt provided

Step arrow right iconStep 5

Click Microsoft Graph, then click Delegated permissions.

No alt providedNo alt provided

Step arrow right iconStep 6

Select the following:

  • `email`
  • `offline_access`
  • `openid`
  • `profile`
  • `User.Read`

Step arrow right iconStep 7

Click the Add permissions button.

No alt providedNo alt provided

Adding the identity provider in PingOne

Step arrow right iconStep 1

Go to Connections → External IDPs.

Step arrow right iconStep 2

Click + Add Provider.

No alt provided

Step arrow right iconStep 3

Click Microsoft.

No alt provided

Step arrow right iconStep 4

On the Create Profile screen, enter the following information:

  • Name. A unique identifier for the identity provider.
  • Description (optional). A brief characterization of the identity provider.

The icon and login button cannot be changed, in accordance with the provider's brand standards.

No alt provided

Step arrow right iconStep 5

Click Next.

Step arrow right iconStep 6

On the Configure Connection screen, enter the following information:

  • Client ID. The application ID from the identity provider that you copied earlier. You can find this information on the Microsoft Azure portal.
  • Client secret. The application secret from the identity provider that you copied earlier. You can find this information on the Microsoft Azure portal.

Step arrow right iconStep 7

Click Save and Continue.

No alt provided

Step arrow right iconStep 8

On the Map Attributes screen, define how the PingOne user attributes are mapped to Microsoft attributes. Select the PingOne attribute, then select the equivalent Microsoft attribute. Select the update condition, which determines how PingOne updates its user directory with the values from Microsoft.

The options are: 

`Empty only`
 (update the PingOne attribute only if the existing attribute is empty) and 
`Always`
 (always update the PingOne directory attribute).

Step arrow right iconStep 9

Click Save and Close.

No alt provided

Adding the Redirect URI to the Microsoft portal

Step arrow right iconStep 1

Go to the PingOne console.

Step arrow right iconStep 2

Go to Connections → External IDPs.

Step arrow right iconStep 3

Locate the appropriate identity provider and then click the details icon to expand the identity provider.

No alt provided

Step arrow right iconStep 4

Click the Connection tab. Copy the Callback URL and paste it in a secure location.

No alt provided

Step arrow right iconStep 6

Under App registrations, select your application.

Step arrow right iconStep 7

On the left, click Overview.

Step arrow right iconStep 8

For Redirect URIs, click Add a Redirect URI.

No alt provided

Step arrow right iconStep 9

For Platform configurations, click + Add a platform.

No alt provided

Step arrow right iconStep 10

Under Web applications, click Web.

No alt provided

Step arrow right iconStep 11

For Redirect URIs, enter the value that you copied from PingOne.

Step arrow right iconStep 12

Click Configure.

No alt provided

Do not forget

Step arrow right icon1.

Enable the External Identity Provider.

No alt provided

Step arrow right icon2.

Create a new Authentication Policy and add the newly created External Identity Provider to it.

No alt provided

Step arrow right icon3.

Add the Authentication Policy to the application.

No alt provided
Fluent Commerce

Fluent Commerce

Copyright © 2024 Fluent Retail Pty Ltd (trading as Fluent Commerce). All rights reserved. No materials on this docs.fluentcommerce.com site may be used in any way and/or for any purpose without prior written authorisation from Fluent Commerce. Current customers and partners shall use these materials strictly in accordance with the terms and conditions of their written agreements with Fluent Commerce or its affiliates.

Fluent Logo