Overview

Complete the following steps to configure Microsoft Azure Active Directory as an authentication provider for Salesforce.


Set up an Azure AD application

1. Log in to Microsoft Azure: https://manage.windowsazure.com/

2. Go to the Active Directory page (left menu bar)

[Screenshot: Azure 1.png]


3. Go to the user page by clicking on the user name

4. On the top menu bar click ‘Applications’

[Screenshot: Azure 2.png]


5. Click ‘ADD’ (at the bottom of the page) to add a new application

[Screenshot: Azure 3.png]


6. Choose ‘Add an application my organization is developing’

[Screenshot: Azure 4.png]


7. Enter a name, select “WEB APPLICATION AND/OR WEB API” and hit continue

[Screenshot: Azure 5.png]


8. Add the following App properties and hit Complete

[Screenshot: Azure 6.png]


9. Go to the Application configuration page by clicking ‘CONFIGURE’

[Screenshot: Azure 7.png]


10. Generate Key

11. Add the ‘REPLY URL’. This field is populated later with the callback URL that Salesforce generates when you configure the Auth. Provider.

12. Hit ‘Save’

13. Write down the Client ID and Key; you will need them to configure the Salesforce Auth. Provider

[Screenshot: Azure 8.png]


Define an Azure AD Auth. Provider in your Salesforce organization

1. Go to Setup->Security Controls->Auth. Providers and create a new Auth Provider

2. Select OpenID Connect as the Provider Type

[Screenshot: Azure 9.png]

3. Enter Name

4. Enter URL Suffix. This is used in the client configuration URLs. For example, if the URL suffix of your provider is ‘MyAzure’, your callback URL is similar to: https://login.salesforce.com/services/authcallback/00DB00000000iBIMAY/MyAzure

5. Use the CLIENT ID from Azure AD for the Consumer key field

6. Use the Key from Azure AD for the Consumer Secret field.

7. Authorize Endpoint URL: https://login.windows.net/common/oauth2/authorize

8. Token Endpoint URL: https://login.windows.net/common/oauth2/token

9. Profile Endpoint URL: https://login.windows.net/common/openid/userinfo

[Screenshot: Azure 10.png]

10. Click Save

Update your Azure AD application with the callback URL generated by Salesforce

1. Copy the Callback URL from your Azure AD Auth. Provider configuration

[Screenshot: Azure 11.png]

2. Update the ‘REPLY URL’ on your Azure application configuration with it

[Screenshot: Azure 12.png]


Test Connection with Azure AD

1. Go to the Azure AD Auth. provider detail page and copy the Test-Only Initialization URL

2. Open a browser and enter the test URL

[Screenshot: Azure 13.png]

3. You will be taken to Azure AD automatically and asked to choose an account and log in

4. You might be asked to approve access to this application, based on the scopes that were specified in the Azure AD application

5. On success you will be redirected to the callback URL that is registered with Azure AD, and the user information that was specified will be returned


[Screenshot: Azure 14.png]

Create a registration handler

1. Download the registration handler for Azure AD from here

2. Go to Setup->Develop->Apex Classes and create the Azure AD registration handler Apex class

3. Go to the Azure AD Auth. Provider settings and select the registration handler that you’ve just created

4. Choose a user that the registration handler will execute as

[Screenshot: Azure 15.png]
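An added example of such a registration handler (not the one the page links to, and not Salesforce's or Microsoft's code): it implements Auth.RegistrationHandler, pins the Azure AD tenant because the Auth. Provider above uses the multi-tenant ‘common’ endpoints, and links to an already-provisioned user by UPN before creating a new one. It assumes the tenant id reaches the handler in attributeMap as 'tid' and the UPN as 'upn', and that existing users carry their UPN in FederationIdentifier; the tenant id and profile name are placeholders, and the code handles internal users only (community users additionally need a Contact).

```apex
// Added example handler for the Azure AD Auth. Provider; not the page's download.
// Assumes 'tid' and 'upn' are present in data.attributeMap (assumption, not from the page).
global class AzureADRegistrationHandler implements Auth.RegistrationHandler {
    public class AzureADRegistrationException extends Exception {}
    // The 'common' endpoints accept any Azure AD tenant, so the handler must pin the tenant.
    private static final String EXPECTED_TENANT_ID = 'PLACEHOLDER-TENANT-ID'; // placeholder
    private static final String DEFAULT_PROFILE_NAME = 'Standard User';      // least privilege
    global User createUser(Id portalId, Auth.UserData data) {
        requireExpectedTenant(data);
        String upn = upnOf(data);
        // Link to a user that already exists before provisioning anything new.
        List<User> existing = [SELECT Id FROM User
                               WHERE FederationIdentifier = :upn AND IsActive = true LIMIT 1];
        if (!existing.isEmpty()) return existing[0];
        Profile p = [SELECT Id FROM Profile WHERE Name = :DEFAULT_PROFILE_NAME LIMIT 1];
        User u = new User();
        u.Username = upn;                                   // UPN is already user@domain
        u.Email = String.isBlank(data.email) ? upn : data.email;
        u.FirstName = data.firstName;
        u.LastName = String.isBlank(data.lastName) ? upn : data.lastName;
        u.Alias = upn.substring(0, Math.min(8, upn.indexOf('@')));
        u.FederationIdentifier = upn;
        u.ProfileId = p.Id;
        u.LanguageLocaleKey = 'en_US';
        u.LocaleSidKey = 'en_US';
        u.TimeZoneSidKey = 'America/Los_Angeles';
        u.EmailEncodingKey = 'UTF-8';
        return u;
    }
    global void updateUser(Id userId, Id portalId, Auth.UserData data) {
        requireExpectedTenant(data);
        // Sync profile claims only; never change Profile or permissions from a login.
        update new User(Id = userId, FirstName = data.firstName, LastName = data.lastName, Email = data.email);
    }
    private static void requireExpectedTenant(Auth.UserData data) {
        String tid = data.attributeMap == null ? null : data.attributeMap.get('tid');
        if (tid != EXPECTED_TENANT_ID) {
            throw new AzureADRegistrationException('Unexpected Azure AD tenant: ' + tid);
        }
    }
    private static String upnOf(Auth.UserData data) {
        String upn = data.attributeMap == null ? null : data.attributeMap.get('upn');
        if (String.isBlank(upn)) upn = data.username;       // fall back to Salesforce's mapping
        if (String.isBlank(upn) || upn.indexOf('@') < 1) {
            throw new AzureADRegistrationException('No usable UPN in the Azure AD response');
        }
        return upn;
    }
}
```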


Single Sign-on with Azure AD

SSO into Salesforce

You need to have My Domain enabled.

1. Go to Domain Management->My Domain

2. Click Edit in the Login Page Settings section

3. Add the Azure AD Authentication service

[Screenshot: Azure 16.png]

4. Save

5. Log out and go to the My Domain login page

6. Click the Azure AD button and enter your Azure AD credentials


SSO into Communities

1. Create the Azure AD Account

2. Make sure that you have enough licenses for Customer Community Users

3. Go to Setup->Customize->Communities->All Communities and on Action select Administration Settings

[Screenshot: Azure 17.png]

4. On the following screen choose Login & Registration

[Screenshot: Azure 18.png]

5. Under Login, add the Azure AD Authentication option

[Screenshot: Azure 19.png]

6. Save and Close the Administration Settings window

7. Log out and go to the community login page

8. Click the Azure AD button and enter your Azure AD credentials

[Screenshot: Azure 20.png]