Privado supports use of SSO with Azure AD for authentication and user onboarding.
This article helps you configure SSO with Azure AD.
Prerequisites (Azure)
Azure Account - Sign up for an Azure account to use it as your identity provider (IdP)
Access to Microsoft Entra ID - Ensure you have administrative access to the Microsoft Entra ID page. The ability to configure SSO requires administrative privileges.
Azure documentation for creating an app: https://learn.microsoft.com/en-in/entra/identity-platform/quickstart-register-app#register-an-application
Please make sure you have the following values copied from Azure, as they will be required at the time of integration:
Sign-in redirect URI : https://privado.auth.eu-west-1.amazoncognito.com/oauth2/idpresponse
Sign-out redirect URI : https://code.privado.ai/login
API Permissions Required : email, openid, profile, User.Read
User Provisioning : Group.Read.All permission is required, along with the groups claim for the ID and Access tokens
Configure platform Type: Web
Follow the steps below to set up SSO with Azure AD.
Step 1 : Creating and configuring the application in Azure
1. Log in to your Azure account and select Microsoft Entra ID
2. Navigate to App Registration and click on "New Registration".
3. Create the application with the following details
Name - Privado Code Application (example)
Supported account types - Select as per the type of directory
Redirect URI - Select Platform as "Web" and URI as "https://privado.auth.eu-west-1.amazoncognito.com/oauth2/idpresponse"
Click Register and you will be redirected to the application in Azure
4. Token Configuration
Add Groups Claim - This is for user provisioning. If you do not do this, you will have to add users manually. Select Group Types and ID Token as seen in the screenshot below and click Add.
5. API Permissions
Navigate to API Permissions and select the permissions as seen in the screenshot below. Click on Update permissions.
6. Create Secret codes
Navigate to Certificates & secrets and click on "New client secret". Enter Description as "Privado App" and click Add.
Note : Copy the information below into the Privado create Azure configuration dialog to create the SSO configuration for Azure.
Client ID
Client Secret
Step 2 : SSO Configuration in Privado
2. Enter Client ID, Client Secret as noted in the previous step.
3. For the issuer ID, enter the URL as https://login.microsoftonline.com/{tenantid}/v2.0.
Tenant id - Copy the Directory tenant id value from the Application Overview page a
4. Click on save configuration
5. Navigate to Roles tab to map Azure Group to Privado roles
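A way to check the result of the steps above before mapping groups to roles, as an added example (not Privado's or Microsoft's code): it decodes the payload of an ID token issued for the app and reports a wrong issuer, a wrong audience, or a missing groups claim. The function names, tenant ID, client ID and tokens are constructed for illustration, and the signature is not verified, so this is for troubleshooting the configuration only.

```python
import base64
import json

ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0"  # issuer format from step 3


def decode_payload(jwt: str) -> dict:
    """Return a JWT's claims WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def check_id_token(jwt: str, tenant_id: str, client_id: str) -> list[str]:
    """List configuration problems visible in an ID token; an empty list means none."""
    claims = decode_payload(jwt)
    problems = []
    expected_iss = ISSUER_TEMPLATE.format(tenantid=tenant_id)
    if claims.get("iss") != expected_iss:
        problems.append(f"iss is {claims.get('iss')!r}, expected {expected_iss!r}")
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Client ID of the app registration")
    groups = claims.get("groups")
    if "groups" in claims.get("_claim_names", {}):
        # Overage: too many groups to embed, so Entra ID sends a pointer, not a list.
        problems.append("groups overage: token has _claim_names instead of a groups list")
    elif not isinstance(groups, list) or not groups:
        problems.append("no groups claim: add it under Token Configuration")
    return problems


def _b64(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real token)."""
    return f"{_b64({'typ': 'JWT'})}.{_b64(claims)}.sig"


# Constructed sample values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT = "11111111-1111-1111-1111-111111111111"
GOOD = _make_token({"iss": ISSUER_TEMPLATE.format(tenantid=TENANT), "aud": CLIENT,
                    "groups": ["22222222-2222-2222-2222-222222222222"]})
V1_NO_GROUPS = _make_token({"iss": f"https://sts.windows.net/{TENANT}/", "aud": CLIENT})

if __name__ == "__main__":
    print(check_id_token(GOOD, TENANT, CLIENT))
    for problem in check_id_token(V1_NO_GROUPS, TENANT, CLIENT):
        print("-", problem)
```

The groups claim carries group object IDs, so these are the values to look for when mapping an Azure group to a Privado role.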