Azure AD Authentication
SimpleHelp supports single sign-on with Azure AD using OpenID Connect. For SimpleHelp users to authenticate using Azure AD, the administrator must create an authentication application in Azure and enter the details of that application into SimpleHelp. This guide details how to configure this Azure application.
Three steps are required to configure Azure:
1. An App Registration must be created and configured.
2. A Client Secret must be generated.
App Registrations
In Azure AD select the directory you wish to register the application with. Start by choosing App Registrations and you will be presented with a screen similar to the following:
- Press New Registration to create a new App Registration
- Provide a Name that can be used to identify this application, such as SimpleHelp Integration.
- For Supported account types choose the option that best specifies which users should be able to log in. If you are unsure select Accounts in this organizational directory.
- For the Redirect URI select the Web platform and paste in the URL provided by SimpleHelp (ending in .../oidc).
- Press Create Registration to create the app registration.
A summary for your new App Registration is presented:
Make a note of the following details as they are required in SimpleHelp:
- The Application (Client) ID
- The Directory (Tenant) ID
To configure your App Registration please follow these steps:
- In the left hand menu, expand the Manage option and select Authentication.
- Under Implicit grant and hybrid flows check both Access and ID tokens.
- In the left hand menu, select Token configuration
- Press Add Groups Claim
- Configure which group types to return. If you wish to return only groups that are assigned to the app registration, choose Groups assigned to the application.
- Press Add to add the new group claim.
- In the left hand menu, select API permissions
- Press Add Permission, select Microsoft Graph, select Delegated permission and add the openid permission.
Your configured permissions should appear as follows:
Client Secrets
To generate a Client Secret from the App Registration summary page:
- In the left hand menu, expand the Manage option and select Certificates & secrets.
- Press New Client Secret
- Provide a Description for this secret and pick the Expiry duration you wish to use.
- Press the Add button to generate the new Secret.
The new Client Secret will appear in the summary as shown below:
Make a note of the following details as they are required in SimpleHelp:
- The secret Value, which can be used as the Client Secret in SimpleHelp (there is no need to note the Secret ID).
Final Steps
Now that the App Registration is configured in Azure AD, enter the following details into SimpleHelp:
- Client ID
- Client Secret
- Tenant ID
A technician that attempts to log in using Azure AD will be presented with a web page to proceed with the login, after which they will be forwarded to the SimpleHelp server and their session will begin.
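To confirm that a token issued for this App Registration carries the values noted above, the following added example (not SimpleHelp or Microsoft code) decodes an ID token's claims and checks the issuer, tenant, audience, expiry and groups claim, including the Azure AD case where the group list is replaced by a `hasgroups` or `_claim_names` marker. The IDs and the sample token are constructed placeholders, and signature verification is assumed to be handled by the OpenID Connect client.

```python
import base64
import json
import time

# Constructed placeholder values; substitute the IDs noted from the App Registration.
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"

def decode_payload(jwt):
    """Return the claims segment of a JWT. This does NOT verify the signature."""
    segment = jwt.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_claims(claims, tenant_id, client_id, now=None):
    """Return a list of problems; an empty list means the claims fit the registration."""
    now = time.time() if now is None else now
    problems = []
    issuers = {f"https://login.microsoftonline.com/{tenant_id}/v2.0",  # v2.0 endpoint
               f"https://sts.windows.net/{tenant_id}/"}                # v1.0 endpoint
    if claims.get("iss") not in issuers:
        problems.append("iss is not the expected tenant")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the Directory (Tenant) ID")
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (Client) ID")
    if claims.get("exp", 0) <= now:
        problems.append("token has expired")
    if not claims.get("groups"):
        # Azure AD omits the list for large memberships and sends a marker instead.
        if claims.get("hasgroups") or "groups" in claims.get("_claim_names", {}):
            problems.append("groups overage: membership list was not included")
        else:
            problems.append("no groups claim: none returned or claim not configured")
    return problems

def make_sample_token(claims):
    """Build a constructed, unsigned token for the demonstration below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed"])

SAMPLE_CLAIMS = {"iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
                 "tid": TENANT_ID, "aud": CLIENT_ID, "exp": 2000000000,
                 "groups": ["33333333-3333-3333-3333-333333333333"]}

if __name__ == "__main__":
    token = make_sample_token(SAMPLE_CLAIMS)
    print(check_claims(decode_payload(token), TENANT_ID, CLIENT_ID, now=1900000000))
```

A "groups overage" result means group-based access decisions cannot be made from the token alone; choosing Groups assigned to the application in Token configuration keeps the returned list short.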