Setting up SSO

To-do list for setting up SSO

Creating the Azure AD Application

1. Log into Microsoft Azure.
2. Go to Azure Active Directory
   
3. Select “Enterprise Applications” on the left sidebar:
   
4. Click “New Application” on the top bar:
   
5. Click “Create your own application” on the top bar:
   
6. Select “Register an application to integrate with Azure AD” and provide a name, and select “Create”:
   
7. For “Supported account types” select “Accounts in this organization only” and provide the Redirect URI. The Redirect URI has the format:
   “https://keycloak.${ENVIRONMENT_NAME}.corti.live/realms/${ENVIRONMENT_NAME}/broker/oidc/endpoint”
   
   
8. If it does not take you to the newly created application, go back to the “Enterprise Applications” stage (step 3) and select the newly created application from the list.
9. Once inside your application, select “Single sign-on” from the left sidebar:
   
10. Click “Go to application” inside the “Configure application properties” box:
    
11. Then select “API permissions” from the left sidebar:
    
12. Click “Add a permission”:
    
13. Select “Microsoft Graph” on the sidebar that pops out:
    
14. Select “Delegated permissions”
    
15. Select “email”, “openid”, and “profile” from the “OpenId permissions” section, then click “Add Permissions”
    
16. Now let’s create a client secret to be able to securely connect Keycloak & Azure AD. Start by selecting “Certificates & secrets” from the left sidebar:
    
17. Click “New client secret”
    
18. Enter a descriptive name and set an expiry period:
    
19. A secret will be created. Copy this and put it in a safe place (1password preferably). 

20.  Make sure to note down the following two values from the “Overview” page:

1. 1. Application (client) ID
   2. Directory (tenant) ID

Creating the Keycloak Application

Reach out to your Corti Customer Success to configure this step.