Microsoft Login (Azure AD Single Sign-On) enables your employees to access Nepton with the standard credentials and security practices of your organization. This guidance describes the necessary configuration steps to enable Microsoft SSO for Nepton in Azure AD. Intended audience is Microsoft Azure AD or Microsoft 365 administrator of your organisation.
Your organization needs to have active Microsoft 365 or Azure AD subscription. Your organization needs to have at least one free Azure AD application registration slot available. All Microsoft 365 customers received at least 10 application registration slots on initial subscription start.
Azure AD field EMAIL is used to identify the user. This must match the Nepton field EMAIL of the user.
Nepton needs to know the Azure AD EMAIL field value of your employees. These are typically transferred to Nepton via scheduled daily user import mechanism. Please discuss this in more detail with your Nepton project manager as needed.
Azure AD email of your employee can be manually checked via following method
- Azure Portal
- Azure Active Directory
- Users, select employee
- Email can be found in one of these (use the below order):
- Profile, contact info, email
- Authentication methods, email
- Profile, user principal name
Azure AD Configuration Steps
1. Sign-in to your Azure portal https://portal.azure.com/#home
2. Azure Active Directory
3. Manage, app registrations (NOT enterprise applications)
4. Press the tab button + New Registration
5. Register an application
6. Fill in the details (NB! The type of the Redirect URI must be Web!) and press Register
7. You should now be redirected to the overview of the SSO for Nepton V2 application you just created.
8. On the left, Authentication, advanced settings, Logout URL
The URL above is case-sensitive, write URL fully in lowercase
9. On the left, Authentication, advanced settings, implicit grant, enable Access tokens and ID tokens. These are needed as Nepton authentication flow invokes Web API
11. On the left, Overview, copy the value of Application Id to notepad. You will need this value on later steps.
12. On the left, Certificates & Secrets, create new client secret. Mark this client secret as never expiring. Add. Wait until you see this notification on the top right corner:
13. Copy the Secret value to notepad. You will need this value on later steps.