Prerequisites
Before you configure provisioning, check the following in your platform account:
- Ensure you are subscribed to our Enterprise Edition plan, since this unlocks our Azure Active Directory integration options.
Please contact your representative or email us at support@formonsfire.com. - Go to the Menu -> Organization Setup page and find the section titled "External User Authentication & Provisioning".
Click the Add Connector link and select the "Azure Active Directory" option from the list of available connectors - this will save the Organization Setup page and reload it. - Make note of the SCIM Url, User Name, Password and OpenID Connect Login Redirect URI values that display on the Azure Active Directory connector details.
You will need these for the Azure Active Directory configuration steps below.
Configuring Single Sign On (OIDC Identity Provider)
1. Log in to your Azure account and navigate to Azure Active Directory > App registrations.
2. Select New Registration, enter a name for your app and select register
3. From the left pane select Authentication. In the Redirect URI's section, enter the two Redirect URI values found on your Organization Setup page into the forms below. The first Redirect Uri's type should be set to Public client (mobile & desktop). The second Redirect Uri's type should be set to Web.
4. In the Certificated & Secrets section, Click on the New Client Secret button to add a new client secret.
5. Enter a descriptive client secret name, and set to desired expiry date. (we recommend using never)
6. Copy the client secret value that was generated, and paste that into the Client Secret field found on your Organization Setup page.
7. Navigate to the overview section and copy the Application (client) ID and paste it into the OpenID Connect - Client Id field found on your Organization Setup page.
8. Whilst still on the same overview section, copy the Directory (tenant) ID from the overview screen, and combine it with the default azure login url. https://login.microsoftonline.com/{tenant}.
Example based on overview image above:
https://login.microsoftonline.com/FFFFFFFF-GGGG-HHHH-IIII-JJJJJJJJJJJJ
Copy this complete tenant url, and paste that into the OpenID Connect - Authority/Issuer URL field found on your Organization Setup page.
Remember to Save in the top right hand corner of your Organization Setup