Azure Active Directory (AAD) Integration

Setup / Configuration

The integration in Azure Active Directory (AAD) is a two-step process:

Go to Azure Active Directory and register a new application:

Name: your-app-name
Supported account types:

  • Select “Accounts in this organizational directory only” to only allow users of this tenant.
  • Select “Accounts in any organizational directory (Any Azure AD directory - Multitenant)” to allow users of any tenant, including guests.
  • Select “Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” to allow private accounts.

Redirect URI:

  • Type: Single-page application (SPA)
  • URL: https://your-app-name.azurewebsites.net/ (or any other DNS name if you have a custom domain)

Click “register”.

Once the application is registered, you will see the Application (client) ID and the Directory (tenant) ID. Please note them down.

Expose an API

Next, click on “Expose an API” in the left menu. On the next page, click on “Application ID URI” at the top of the page.

Save the default URL.

Next, click on “+ Add a scope” and create a new scope in the dialog:

Scope name: user.read
Who can consent: admins only
Admin consent display name: Application can read the current user's profile information
Admin consent description: Application can read the current user's profile information
User consent display name: Application can read the current user's profile information
User consent description: Application can read the current user's profile information
State: enabled

Click on “Add scope”.

Setup

Next go to /setup on your website (e.g. https://mevitco.azurewebsites.net/setup).

In the first part, enable Authentication with Azure Active Directory (AAD) by enabling the toggle.

Enter the Client Id and Tenant Id that you noted earlier (the Application (client) ID and the Directory (tenant) ID).

Click on “save” and wait approximately 1 minute.

After that, the authentication is ready to use if you reload the page. If you want to create a file link, you first need to authenticate.

Also the /my page will be shown.

Note: If the /my page does not load correctly and the browser developer tools (F12 -> Developer Tools) show an HTTP 401 error, you also need to edit the Manifest in Azure Active Directory. Please change “accessTokenAcceptedVersion” to 2.
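To check whether the token version is behind the HTTP 401 from the note above, this added example (not part of the original documentation or the application's code) decodes an access token copied from the browser's developer tools and compares its claims with what a v2.0 validator for a single-tenant registration would expect. The GUIDs are placeholders, the sample tokens are constructed, and it is an assumption that the backend checks exactly these claims; the payload is read without signature verification, so it is for diagnosis only (Node.js).

```javascript
// Added diagnostic example. It does NOT verify the signature,
// so never use it to authorize requests.

// Decode the payload (middle segment) of a JWT without verifying it.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated segments");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Compare claims with what a v2.0, single-tenant validator would expect (assumption).
function diagnoseToken(jwt, { tenantId, clientId, scope }) {
  const c = decodeClaims(jwt);
  const problems = [];
  if (c.ver !== "2.0") {
    problems.push(`ver is ${c.ver}: set accessTokenAcceptedVersion to 2 in the manifest`);
  }
  const expectedIss = `https://login.microsoftonline.com/${tenantId}/v2.0`;
  if (c.iss !== expectedIss) problems.push(`iss is ${c.iss}, expected ${expectedIss}`);
  if (c.aud !== clientId) problems.push(`aud is ${c.aud}, expected ${clientId}`);
  const scopes = typeof c.scp === "string" ? c.scp.split(" ") : [];
  if (!scopes.includes(scope)) problems.push(`scp lacks ${scope}`);
  if (typeof c.exp !== "number" || c.exp * 1000 <= Date.now()) {
    problems.push("token is expired or has no exp claim");
  }
  return problems;
}

// Constructed sample tokens (placeholder GUIDs, fake signature), built inline.
const TENANT = "00000000-0000-0000-0000-000000000001";
const CLIENT = "00000000-0000-0000-0000-000000000002";
function makeSample(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
const exp = Math.floor(Date.now() / 1000) + 3600;
// v1.0 format: sts.windows.net issuer, Application ID URI as audience.
const v1Token = makeSample({ ver: "1.0", iss: `https://sts.windows.net/${TENANT}/`,
  aud: `api://${CLIENT}`, scp: "user.read", exp });
// v2.0 format: login.microsoftonline.com issuer, client ID as audience.
const v2Token = makeSample({ ver: "2.0", iss: `https://login.microsoftonline.com/${TENANT}/v2.0`,
  aud: CLIENT, scp: "user.read", exp });

const expected = { tenantId: TENANT, clientId: CLIENT, scope: "user.read" };
console.log("v1:", diagnoseToken(v1Token, expected));
console.log("v2:", diagnoseToken(v2Token, expected));
```

For a multitenant registration the issuer contains the signing-in user's tenant, so the `iss` comparison here only applies to the single-tenant option.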