Docly

Azure Active Directory Integration

Estimated reading: 3 minutes

Create an Azure Application

To create an application, follow these steps:

  1. Sign in to Azure portal.
  2. Click Azure Active Directory.
  3. On the Azure Active Directory page, click Enterprise applications.
  4. Click New application on the top menu.
  1. Click Create your own application.
  1. Enter a name for your application, we suggest “Stemma Data Catalog“.
  2. Select Register an application to integrate with Azure AD (App you’re developing).
  1. Click Create. This should redirect you to Register an application.
  2. Under Supported account types, select Accounts in this organizational directory only (Single tenant).
  3. Under Redirect URI (optional), select Web. If you are running a hosted version of Stemma, the redirect URI should be: https://<customer>.stemma.ai/auth, where <customer> should be replaced with your company name. In case of on-premise deployment, please consult your Stemma representative for this.
  1. Click Register.

Create a client secret

To create a client secret, follow these steps:

  1. Go to Azure Active Directory and click App registrations.You must go to the top level in your Azure portal and then select Azure Active Directory. You can then select App registrations.
  1. Select your newly added application. Make a note of the Application ID.
  1. Click Certificates & secrets on the left-hand side and click New client secret.
  1. Provide a description and an expiration length that follows your security organization’s guidelines.
  2. Click Add.
  1. Copy the Value corresponding to the newly-created client secret and client secret expiration.
    This is the Relying Party OAuth Client Secret. This secret value is never displayed again after you leave this page.

Set up application permissions

You need to set up two application permissions in your Azure portal so that you can use all of the Azure AD synchronization options in Stemma. You need to set up the following permissions:

  • Azure Active Directory Graph Directory.Read.All
  • Microsoft Graph Directory.Read.All

To set up permissions, do as follows:

  1. Go to Azure Active Directory and click App registrations.You must go to the top level in your Azure portal and then select Azure Active Directory. You can then select App registrations.
  1. Select your newly added application.
  2. Click API permissions on the left-hand side and click Add a permission.
  1. Click APIs my organization uses and click Windows Azure Active Directory.
  1. Select the Azure Active Directory Graph > Directory.Read.All permission.
    a. Click Application permissions.
    b. Under Directory, click Directory.Read.All.
    c. Click Add permissions.
  1. Select the Microsoft Graph > Directory.Read.All permission.
    a. Click Application permissions.
    b. Under Request API Permission, click Microsoft Graph.
    c. Under What type of permissions does your application require?, click Application permissions.
    d. Under Directory, click Directory.Read.All.
    e. Click Add permissions.
  1. Click Grant admin consent for and then click Yes. You should see a message saying that you’ve granted consent for each of your permissions.

What We Need From You

Provide Stemma with the following information by email or Slack:

  • Application ID
  • Client Secret
  • Discovery Document Endpoint (Well Known OpenID Configurations)
  • Tenant ID – The ID of the tenant you created the application in.