Learn how to set up Azure SSO for TrackTik.
Overview
You can use Azure with OpenID to sign in to TrackTik on the web or on a mobile device, so you and any related employees and colleagues can log in conveniently.
Before you start
Here are some things you must do before you start:
- You must have Azure admin credentials.
- If you want to use provisioning and SSO at the same time for Azure, you must complete the provisioning process first.
To learn more about the provisioning process for Azure, check out Set up and use provisioning for Azure.
- If you completed the provisioning process and want to use SSO for Azure, you can go to Step 1b: Authenticate your application.
- If you don’t want to set up provisioning and only want to use SSO for Azure, go to Step 1a: Register your application.
Set up Azure SSO for TrackTik
There are two steps to get Azure SSO set up for TrackTik:
Step 1a: Register your application
Important note
- If you want to use provisioning and SSO, you must:
  - Complete the steps in Set up and use provisioning for Azure.
  - Skip to Step 1b: Authenticate your application.
- If you only want SSO, you can continue.
To start the setup for Azure SSO, you need to create an app registration using your TrackTik Portal domain.
To create an app registration:
- Log into your Azure Active Directory admin center.
- Go to Azure Active Directory, and in Manage, choose App registrations.
- Select + New registration.
- In the Name box, enter a name for the app registration.
- In Supported account type, leave it as the default Accounts in this organizational directory only (MSFT only – Single tenant).
- Move down to Redirect URI:
  - In the Select a platform drop-down menu, select Web.
  - In the redirect URI box, enter https://[portaldomain].
    - [portaldomain] is where you enter your TrackTik Portal domain.
- Select Register.
Your TrackTik Portal is now registered, and you can now find and send the app details to your solution specialist.
Step 1b: Authenticate your application
Important note
- If you only want to set up SSO without provisioning:
  - Complete Step 1a: Register your application.
  - Skip this step (Step 1b: Authenticate your application) and go to Step 2: Send details to your solution specialist.
If you want to use provisioning with SSO and you completed all the steps in Set up and use provisioning for Azure, you can skip the registration process and authenticate your app.
To authenticate your app:
- Log into your Azure Active Directory admin center.
- Go to Azure Active Directory, and in Manage, choose App registrations.
- Choose All applications.
- Select the app.
- In Manage, choose Authentication.
- In Platform configurations, select + Add a platform.
- Move down to Redirect URI:
  - In the Select a platform drop-down menu, select Web.
  - In the redirect URI box, enter https://[portaldomain].
    - [portaldomain] is where you enter your TrackTik Portal domain.
- Select Register.
Your app is now authenticated, and you can now send the app details to your solution specialist.
Step 2: Send details to your solution specialist
When you finish Step 1: Register your application, you can find and send your client ID, client secret value, and OpenID discovery URL to your solution specialist:
Client ID
To find your client ID:
- Log into Azure as an admin.
- Select Azure Active Directory.
- Choose App registrations.
- Choose All applications.
- Select the application from the list.
- You’re taken to the Overview by default, and in the Essentials collapsible panel, copy the Application (client) ID.
You can now give the client ID to your solution specialist.
Client secret value
Important note
You can only get your client secret value when you first create it; make sure to save it somewhere private and secure the first time you create one.
If you or other admins don’t remember or have lost the client secret value, create a new one.
To create a client secret value:
- Log into Azure as an admin.
- Go to Azure Active Directory.
- Choose App registrations.
- Choose All applications.
- Select your application from the list.
- Choose Certificates & secrets.
- Select Client secrets.
- Select + New client secret.
You can now copy and give the client secret value to your solution specialist.
Important note
For security reasons, we highly recommend not sharing your client ID and client secret value in the same email or communication channel.
OpenID Connect URL
To find your OpenID Connect URL:
- Log into Azure as an admin.
- Select Azure Active Directory.
- Choose App registrations.
- Choose All applications.
- Select the application from the list.
- Choose Endpoints.
- Copy the OpenID Connect metadata document URL.
You can now give the copied information to your solution specialist.
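Before you send the three values, you can sanity-check them for common copy mistakes, such as copying the Secret ID instead of the secret Value, or a shared endpoint URL instead of the tenant-specific one that a single-tenant registration uses. The following is an added example, not part of TrackTik's or Microsoft's own tooling; the function name check_sso_details and all sample identifiers are constructed for illustration, and the metadata dictionary stands in for the JSON document found at the copied URL.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
SHARED_TENANTS = {"common", "organizations", "consumers"}  # multi-tenant aliases

def check_sso_details(client_id, client_secret, discovery_url, metadata):
    """Return a list of problems found in the values copied from the Azure portal."""
    problems = []
    if not GUID.fullmatch(client_id):
        problems.append("client ID is not a GUID")
    # The Client secrets table lists both a Value and a Secret ID (a GUID);
    # only the Value works as a credential.
    if GUID.fullmatch(client_secret):
        problems.append("client secret looks like the Secret ID, not the Value")
    url = urlparse(discovery_url)
    tenant = url.path.strip("/").split("/")[0]
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        problems.append("discovery URL is not an https login.microsoftonline.com URL")
    if not url.path.endswith("/.well-known/openid-configuration"):
        problems.append("discovery URL is not an OpenID Connect metadata document")
    if tenant.lower() in SHARED_TENANTS or not GUID.fullmatch(tenant):
        problems.append("discovery URL is not tenant-specific (single-tenant app)")
    # The issuer in the metadata must name the same tenant as the URL.
    issuer = metadata.get("issuer", "")
    if tenant and tenant.lower() not in issuer.lower():
        problems.append("metadata issuer does not match the tenant in the URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(metadata.get(key, "")).scheme != "https":
            problems.append(f"metadata {key} is missing or not https")
    return problems

# Constructed sample values (not real tenant or application identifiers).
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_METADATA = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}
SAMPLE_URL = f"{BASE}/v2.0/.well-known/openid-configuration"

if __name__ == "__main__":
    print(check_sso_details("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                            "constructed~secret.value", SAMPLE_URL, SAMPLE_METADATA))
```

Run the check locally and never paste a real client secret value into a shared script, ticket, or log.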