Status: Draft

...

  1. Add Redirect URLs for your Picturepark

    https://ids-cp-ch.picturepark.com/signin-<idpid>

    (e.g. https://ids-cp-ch.picturepark.com/signin-bb09dece-aeb5-47fb-8be5-30504e2ba9dc)

  2. The <idpid> is the ID you get from Picturepark when creating a new Identity Provider.

  3. Add a Logout URL if you would like one. This is optional and is not required for authentication to work. It is a convenience: when users log out of Azure AD, they are then also logged out of Picturepark IDS and, within 10 minutes at the latest, of Picturepark itself.

    https://ids-cp-ch.picturepark.com/signout-<idpid>

    (e.g. https://ids-cp-ch.picturepark.com/signout-bb09dece-aeb5-47fb-8be5-30504e2ba9dc)

  4. Implicit grant

    1. Leave this empty, don't select anything.

    2. The Picturepark OpenID Connect integration uses the code flow, not the implicit flow.

    Advanced settings

    1. Treat application as a public client. → YES

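One way to check an existing app registration against the authentication settings above (an added example, not Picturepark's or Microsoft's own code). It assumes the registration is available as a Microsoft Graph application object, that the field names are those of that object, and that the <idpid> is a GUID as in the example URLs; the function name and sample data are hypothetical.

```python
import re

IDS_BASE = "https://ids-cp-ch.picturepark.com"  # host as shown on this page
GUID = r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}"  # assumption: idpid is a GUID


def audit_app_registration(app: dict, idp_id: str) -> list:
    """List deviations of a Microsoft Graph application object from the steps above."""
    if not re.fullmatch(GUID, idp_id):
        raise ValueError("idp_id does not look like a GUID")
    findings = []
    web = app.get("web") or {}

    expected = f"{IDS_BASE}/signin-{idp_id}"
    uris = web.get("redirectUris") or []
    if expected not in uris:
        findings.append(f"missing redirect URI {expected}")
    # Every extra redirect URI is another place an authorization code can be sent.
    findings += [f"unexpected redirect URI {u}" for u in uris if u != expected]

    # The logout URL is optional; if set, it must target the same IdP entry.
    logout = web.get("logoutUrl")
    if logout and logout != f"{IDS_BASE}/signout-{idp_id}":
        findings.append("logout URL does not match the signout URL")

    # Code flow only: both implicit-grant options must stay off.
    implicit = web.get("implicitGrantSettings") or {}
    for key in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if implicit.get(key):
            findings.append(f"implicit grant enabled: {key}")

    # "Treat application as a public client" = YES
    if app.get("isFallbackPublicClient") is not True:
        findings.append("application is not marked as a public client")
    return findings


# Constructed sample input (not a real tenant export); the ID is the page's example.
IDP_ID = "bb09dece-aeb5-47fb-8be5-30504e2ba9dc"
SAMPLE_OK = {
    "isFallbackPublicClient": True,
    "web": {
        "redirectUris": [f"{IDS_BASE}/signin-{IDP_ID}"],
        "logoutUrl": f"{IDS_BASE}/signout-{IDP_ID}",
        "implicitGrantSettings": {"enableAccessTokenIssuance": False,
                                  "enableIdTokenIssuance": False},
    },
}

if __name__ == "__main__":
    print(audit_app_registration(SAMPLE_OK, IDP_ID) or "matches the documented settings")
```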

Add API Permissions

  1. Add permission

  2. Select Microsoft Graph

  3. Select Delegated permissions

  4. Select and save

    1. email

    2. offline_access

    3. openid

    4. profile

...

  1. Open Manage > Expose an API

  2. Add a scope 

    1. You need to set an Application ID URI before you can add a permission (Microsoft chooses one by default, but it can be changed). Save and continue.

    2. Scope name: user.signin

    3. Who can consent? Admins only

    4. Consent display names: User Authentication

    5. Consent descriptions: User Authentication

    6. Click Add scope

  3. Add a new client application

    1. Client ID is taken from the Overview page

    2. Select Scopes

...