Example: Configuring Azure AD using OIDC for External Authentication

The following example configures OpenID Connect in Microsoft Azure for use with CloudControl External Authentication.

  1. In Microsoft Azure, register Entrust CloudControl as an application.

    Enter the name, select 'Accounts in this organizational directory only', and enter the following for the Redirect URI:

    https://<CloudControl_login_url>/asc/api/rest/v1/login

  2. Click Register.

    The application page displays.

  3. Click Certificates & secrets in the sidebar to create a client secret.

  4. In the Client secrets section, click New client secret.

  5. In the Add a client secret window, enter a description, set the expiration date, and click Add.

  6. Copy the client secret value to a text window for later use.

  7. Click Token configuration in the sidebar and then click Add optional claim.

  8. In the Add optional claim window, select 'ID' for the token type and 'upn' and 'sid' for the claim.

  9. Click Add.

  10. In the pop-up window, check the 'Turn on the Microsoft Graph profile permission (required for claims to appear in token)' checkbox.

  11. Click Overview in the sidebar, and then click Endpoints.

  12. In the Endpoints window, copy the OpenID Connect metadata document (up to and including the v2.0) to a text window.

    For example, https://login.microsoftonline.com/a995284f-7628-4646-b755-ja0e3c7f0264/v2.0

    Note: This URL (the metadata document address without its /.well-known/openid-configuration suffix) is the base URL you enter in CloudControl.

  13. Close the Endpoints window to return to the Overview page.

  14. Copy the Application (client) ID to a text window.
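The values collected above (the redirect URI from step 1, the client secret from step 6, the optional claims from step 8, the base URL from step 12 and the client ID from step 14) are what CloudControl needs to complete the OIDC exchange. The following script is an added example, not code from Entrust or Microsoft, showing how to sanity-check that set before entering it: it derives the discovery document URL from the base URL, checks that the discovery document's issuer matches the base URL, and inspects a decoded ID token to confirm it carries the `upn` and `sid` optional claims and an `aud` equal to the client ID. All `<...>` values and the sample discovery document and ID token are constructed placeholders; the script does not verify the token signature, which the relying party does against `jwks_uri`.

```python
"""Sanity checks for an Azure AD OIDC app registration used with CloudControl.

Added example (not Entrust's or Microsoft's code). The values below are
constructed placeholders standing in for what was copied from the portal.
"""
import base64
import json

# Placeholders for the values copied in the procedure above (constructed, not real).
BASE_URL = "https://login.microsoftonline.com/<tenant-id>/v2.0"      # step 12
CLIENT_ID = "<application-client-id>"                                 # step 14
REDIRECT_URI = "https://<CloudControl_login_url>/asc/api/rest/v1/login"  # step 1
REQUIRED_ID_TOKEN_CLAIMS = ("upn", "sid")                             # step 8

# Constructed sample of what GET <BASE_URL>/.well-known/openid-configuration
# returns (only the fields the checks below look at).
SAMPLE_DISCOVERY = {
    "issuer": "https://login.microsoftonline.com/<tenant-id>/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
}


def discovery_url(base_url: str) -> str:
    """The metadata document is the base URL plus the standard discovery suffix."""
    return base_url.rstrip("/") + "/.well-known/openid-configuration"


def check_discovery(doc: dict, base_url: str) -> list:
    """Return the problems found in a discovery document (empty list means OK)."""
    problems = []
    if doc.get("issuer") != base_url.rstrip("/"):
        problems.append("issuer does not match the base URL entered in CloudControl")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not offered for ID token signatures")
    return problems


def decode_id_token_payload(id_token: str) -> dict:
    """Decode the payload segment of a compact JWT without checking the signature.

    Signature verification against jwks_uri is the relying party's job; this
    helper only exists to see which claims the tenant actually put in the token.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def check_id_token_claims(payload: dict, base_url: str, client_id: str) -> list:
    """Return the problems found in an ID token payload (empty list means OK)."""
    problems = []
    if payload.get("iss") != base_url.rstrip("/"):
        problems.append("iss does not match the base URL")
    if payload.get("aud") != client_id:
        problems.append("aud is not this app registration's client ID")
    for claim in REQUIRED_ID_TOKEN_CLAIMS:
        if claim not in payload:
            problems.append(f"optional claim '{claim}' is missing (check Token configuration)")
    return problems


def _b64url(obj: dict) -> str:
    """base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed, unsigned sample ID token (header.payload.signature) with a dummy signature.
SAMPLE_ID_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": BASE_URL, "aud": CLIENT_ID,
             "upn": "alice@example.com", "sid": "<session-id>"}),
    "dummy-signature",
])

if __name__ == "__main__":
    print("discovery document:", discovery_url(BASE_URL))
    print("redirect URI registered:", REDIRECT_URI)
    print("discovery problems:", check_discovery(SAMPLE_DISCOVERY, BASE_URL))
    payload = decode_id_token_payload(SAMPLE_ID_TOKEN)
    print("id token problems:", check_id_token_claims(payload, BASE_URL, CLIENT_ID))
```

Against a live tenant, replace `SAMPLE_DISCOVERY` with the JSON fetched from `discovery_url(BASE_URL)` and `SAMPLE_ID_TOKEN` with a token obtained from a test login; an empty problem list from both checks means the base URL, client ID and optional claims are consistent with what CloudControl expects, while a missing `upn` or `sid` points back to the Token configuration step.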