Azure AD

Setup

Setting up the Azure AD integration requires an Azure App registration to be configured. See the Azure App registration configuration section below.


Field Name   Description
Issuer       Specifies the Azure App OpenID metadata endpoint.
Client ID    Specifies the Azure App client ID.
Secret       Specifies the Azure App secret value (not the secret ID). This is the value that appears only once when you create a new client secret.

Once the configuration has been validated and saved, the sync section becomes available.


  • Sync all users - Syncs all available users along with all the groups associated with those users.
  • Sync users from specific groups - Syncs all users from the selected groups.

Azure App registration configuration

  1. Create a new App Registration



  2. Once you’ve registered your application, make a note of the Application (client) ID and of the metadata endpoint that provides the OpenID metadata. You can find the endpoint by clicking Endpoints at the top of the application page. The Application (client) ID is used for the Client ID configuration parameter of the Identity Provider in Trustgrid Portal. The metadata endpoint goes in the Issuer configuration parameter of the Identity Provider in Trustgrid Portal. It should be something like https://login.microsoftonline.com/<app_id>/v2.0; ignore everything from the /.well-known part onwards.


  3. Configure the Authentication section of the Azure app.


  4. Add a platform of the “Web” type, enter the corresponding redirect URI and logout URL, and select both the Access tokens and ID tokens checkboxes.

     Field Name             Description
     Trustgrid Redirect URL https://id.trustgrid.io/auth/openid/callback
     Trustgrid Logout URL   https://id.trustgrid.io/logout
  5. Create a secret for authentication. Any of the available expiration periods can be selected, but an expiration of at least 1 year is recommended. Once you create the secret, make a note of its “Value”, since that is what goes in the Secret configuration parameter of the Identity Provider in Trustgrid Portal.


  6. Once you’ve created the client secret, navigate to “Token Configuration” and add the “email” optional claim.


Updating Expired App Secrets

When your Azure AD client secret expires, you’ll need to create a new secret and update it in the Trustgrid Portal. To create a new client secret:

  1. Sign in to the Azure portal and navigate to your App registration
  2. Select “Certificates & secrets” from the left menu
  3. Under “Client secrets”, click “New client secret”
  4. Provide a description and select an expiration period
  5. Click “Add”
  6. Important: Copy the new secret’s “Value” (not the secret ID) immediately, as it will only be shown once
  7. Update the Secret field in the Trustgrid Portal with this new value

For more detailed instructions, refer to the official Microsoft documentation on managing app secrets.
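The following Python script is an added example, not part of this guide or of Trustgrid's own tooling. It performs the checks an administrator would want before saving the Identity Provider: it derives the Issuer value from the metadata endpoint copied out of Azure (dropping the /.well-known part as step 2 describes), compares a discovery document with the configured values, and flags a client secret that is expired or close to expiring so it can be rotated as described above. The tenant GUID, the discovery document and the dates are constructed placeholders.

```python
from datetime import date, timedelta
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
AZURE_HOST = "login.microsoftonline.com"
TRUSTGRID_REDIRECT = "https://id.trustgrid.io/auth/openid/callback"


def issuer_from_endpoint(url: str) -> str:
    """Turn the metadata endpoint shown under Azure 'Endpoints' into the
    Issuer value: keep the URL up to /v2.0 and drop the /.well-known part."""
    p = urlparse(url.strip())
    if p.scheme != "https" or p.netloc != AZURE_HOST:
        raise ValueError(f"unexpected metadata host: {p.netloc!r}")
    path = p.path
    if path.endswith(WELL_KNOWN):
        path = path[: -len(WELL_KNOWN)]
    path = path.rstrip("/")
    if not path.endswith("/v2.0"):
        raise ValueError("Issuer must be the v2.0 endpoint (.../<id>/v2.0)")
    return f"https://{AZURE_HOST}{path}"


def check_discovery(doc: dict, issuer: str, redirect_uri: str) -> list:
    """Compare a discovery document (what issuer + WELL_KNOWN returns) with
    the values entered in the Portal. Returns a list of problems found."""
    problems = []
    if doc.get("issuer") != issuer:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    if "email" not in doc.get("claims_supported", []):
        problems.append("'email' claim not advertised; add the optional claim")
    if redirect_uri != TRUSTGRID_REDIRECT:  # Azure matches redirect URIs exactly
        problems.append(f"redirect URI must be exactly {TRUSTGRID_REDIRECT}")
    return problems


def secret_needs_rotation(expires_on: date, today: date, warn_days: int = 30) -> bool:
    """True when the client secret has expired or expires within warn_days,
    i.e. a new secret must be created and its Value pasted into the Portal."""
    return expires_on - today <= timedelta(days=warn_days)


# Constructed placeholder values (not a real tenant, app or secret).
SAMPLE_ENDPOINT = ("https://login.microsoftonline.com/"
                   "00000000-0000-0000-0000-000000000000/v2.0" + WELL_KNOWN)
SAMPLE_DISCOVERY = {
    "issuer": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "claims_supported": ["sub", "iss", "aud", "email", "name"],
}

if __name__ == "__main__":
    issuer = issuer_from_endpoint(SAMPLE_ENDPOINT)
    print("Issuer:", issuer)
    print("Problems:", check_discovery(SAMPLE_DISCOVERY, issuer, TRUSTGRID_REDIRECT))
    print("Rotate secret:", secret_needs_rotation(date(2025, 1, 15), date(2025, 1, 1)))
```

In practice the discovery document is fetched from the derived Issuer plus /.well-known/openid-configuration and the expiry date is read from the secret's entry under “Certificates & secrets”.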