Get a Quote

Articles in this section

Configure Azure AD as an OIDC IdP

  • Updated:

Introduction

This article will walk you through configuring Azure AD as an OIDC identity provider (IdP) for HelloID.

Register HelloID with Azure AD

  1. Log in to your Azure portal at https://portal.azure.com/.
  2. Select the Azure Active Directory button.
  3. Select the App registrations link under the Manage menu.
  4. Select the New registration button.
  5. Enter HelloID for the Name.
  6. Select your desired option for Who can use this application or access this API.
  7. Enter the following URL into the Redirect URI field: https://customer.helloid.com/azureadoidcauthentication/consumeoidc. Replace customer.helloid.com with your HelloID portal base URL.
  8. Select the Register button to save and open the new app.
  9. Select the Authentication link under the Manage menu. Enter the following URL into the Logout URL field: https://customer.helloid.com/authentication/signoff. Replace customer.helloid.com with your HelloID portal base URL.
  10. Select the ID tokens option under the Implicit grant section.
  11. Select the Save button.
  12. Select the Certificates & secrets link under the Manage menu.
  13. Select the New client secret button. Enter an optional description and select your preferred expiration period.
  14. Select the Add button.
  15. The client secret appears under the Client secrets section. Copy its Value into a separate notepad app for later use. (Important, because you won't be able to view it again.)
  16. Select the API permissions link.
  17. Go to Add a permission > Microsoft Graph > Delegated permissions. Select the following permissions:
    1. AccessReview.Read.All
    2. Directory.AccessAsUser.All
    3. email
    4. openid
    5. profile
    6. User.Read
  18. Select the Add permissions button to confirm your changes.
  19. Select the Grant admin consent for Default Directory button to grant admin consent for all users.
  20. Select the Yes button to confirm.

Configure the Azure AD OIDC IdP in HelloID

  1. Go to Security > Authentication > Identity providers in your HelloID admin dashboard. Select the Create Provider button.
    mceclip4.png
  2. Select the Add button for Azure AD OpenID Connect.
    mceclip5.png
  3. Select the Configuration tab.
    mceclip6.png
  4. Enter the following information:
    1. Login URL
      In your Azure portal, go to Azure Active Directory > App registrations > HelloID and select the Endpoints button. Copy the OAuth 2.0 authorization endpoint (v2) value and paste it into this field. Remove the trailing authorize on this URL.
    2. Logout URL
      Enter https://login.microsoftonline.com/common/oauth2/logout.
    3. Client Identifier
      In your Azure portal, go to Azure Active Directory > App registrations > HelloID. Copy the Application (client) ID value and paste it into this field.
    4. Client Secret
      Paste the client secret value you copied into a separate notepad application in step 15 of the previous section.
  5. The required scopes are already added as defaults under Additional Scopes. Add additional scopes if needed.
  6. Configure additional options as needed. View a complete reference of IdP options here.
  7. Select the Save button to confirm.
    mceclip0.png
Was this article helpful?
0 out of 0 found this helpful
Please visit our website for more information about HelloID (identity as a service).
Return to top