...
Name: Choose a name. It is used internally and lets you see at a glance which IdP this is.
Display name: The name shown to users on the login page, e.g. Company Access
Type: ADFS, Azure AD, Other
For Azure select Azure AD
Protocol: Open ID Connect
The protocol for all authentication in Picturepark is Open ID Connect.
URL
The endpoint for OpenID Connect. Remove everything after v2.0.
Example: https://login.microsoftonline.com/99292bdd-6686-4f0b-817b-f8e8571cf07c/v2.0 (you will need to enter a dummy URL until you have the client ID of the application from Azure, after the next step covering what needs to be done in the Azure Portal).
You can find it in Microsoft Entra ID (formerly known as Azure Active Directory) > Overview - Endpoints > Open ID Connect
Client ID: The Application (client) ID. Until you have set this up, enter a dummy ID for now.
Client Secret: Open Manage > Certificates & Secrets
Sort order: Does not need to be filled out; it will be created automatically. If you have multiple IdPs and wish to display them in a certain order, you can add a number here, e.g. 0, 1, 2, 3, etc.
Click Create, then copy the following ID. You will need it when setting up the Azure portal.
...
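The trimming rule for the URL field above (remove everything after v2.0), as an added example that is not part of the Picturepark documentation: it reduces an endpoint copied from the Endpoints pane to the value to enter and checks it against the issuer in the OpenID Connect discovery document. It assumes the tenant is given by its ID, as in the example URL above; the function names are hypothetical, and the tenant ID and discovery document are constructed placeholders.

```python
from urllib.parse import urlsplit


def authority_from_endpoint(endpoint: str) -> str:
    """Reduce an Entra ID OpenID Connect endpoint to https://<host>/<tenant>/v2.0."""
    parts = urlsplit(endpoint.strip())
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        raise ValueError("expected an absolute https URL without credentials")
    segments = [s for s in parts.path.split("/") if s]
    # The shape must be /<tenant>/v2.0[/...]. The authorize and token endpoints
    # (/<tenant>/oauth2/v2.0/...) also contain "v2.0" but are not the authority.
    if len(segments) < 2 or segments[1].lower() != "v2.0":
        raise ValueError("path is not /<tenant>/v2.0[/...]")
    return f"https://{parts.netloc.lower()}/{segments[0]}/v2.0"


def issuer_matches(authority: str, discovery: dict) -> bool:
    """True if the discovery document's issuer is the authority being configured."""
    return discovery.get("issuer", "").rstrip("/") == authority


# Constructed sample data: placeholder tenant ID, trimmed discovery document.
TENANT = "00000000-0000-0000-0000-000000000000"
METADATA_URL = (
    f"https://login.microsoftonline.com/{TENANT}/v2.0/.well-known/openid-configuration"
)
DISCOVERY = {
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "authorization_endpoint": (
        f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"
    ),
}

if __name__ == "__main__":
    authority = authority_from_endpoint(METADATA_URL)
    print("URL to enter:", authority)
    print("issuer matches:", issuer_matches(authority, DISCOVERY))
    try:
        authority_from_endpoint(DISCOVERY["authorization_endpoint"])
    except ValueError as exc:
        print("rejected authorize endpoint:", exc)
```

A mismatch between the entered URL and the issuer is worth catching before saving, since an OpenID Connect client is expected to reject tokens whose issuer differs from the configured one.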
Open Manage > Expose an API
Add a scope
You'll need to set an Application ID URI before you can add a permission (Microsoft chooses one by default, but it can be changed). Click Save and continue.
Scope name: user.signin
Who can consent? Admins only
Consent display names: User Authentication
Consent descriptions: User Authentication
Click Add scope
Add a new client application
Client ID is taken from the Overview page
Select Scopes
...