Configure Identity Provider for SimplyAP
Before Getting Started
- Make sure you are logged into the Azure Directory where your Active Directory users reside
- One of the steps grants access to the Application in Active Directory, which requires the Application owner or Global administrator role. Make sure you have this role, or that someone who has it is on hand.
Navigate to Integration Settings in the Administration section of SimplyAP
After signing up for SimplyAP, log in and navigate to Integration Settings
The Identity Provider section on the right will be where we enter the Azure AD settings
Create an App in Azure Active Directory
Step by Step Instructions
In a separate browser window, log in to the Microsoft Azure Portal and complete the steps below
- On MS Azure Home, go to Manage Azure Active Directory > View
- On the Left menu, select App Registrations
- On the Top Bar, select New Registration
- Insert the name of the application, for example: SimplyAP-SSO
- Press Register.
- Copy the Client ID and Active Directory TenantID from the Azure Application Overview page, as illustrated below, and paste them into the corresponding fields in the SimplyAP Identity Provider section
Add a Secret to the Application
- Under Certificates & secrets, click New client secret to generate the client secret:
- Copy the value to the clipboard and paste into the SimplyAP Identity Provider Client Secret field.
Complete Azure AD Configuration
- In the App Registration Overview, click Add a Redirect URI
- Select Add Platform
- Select Web
- Enter the following into Redirect URIs: https://en-simplyap-prod.firebaseapp.com/__/auth/handler
- Click Configure
Add Microsoft Graph Permissions
- In Azure AD for the App Registration, click API Permissions
- Click Add a permission and select Microsoft Graph
- Add the following Application and Delegated permissions (please make sure the Permissions have the ‘Type’ of Application or Delegated as pictured below)
- Click Grant Admin Consent for your domain if required
Adding Users to the Enterprise Application and Obtaining Object ID
- In Azure AD for the App Registration, navigate to Enterprise Applications
- Select the application from the list of applications, and copy the Object ID value then paste it into the SimplyAP Object ID field.
- IMPORTANT: the Object ID from the ‘Enterprise Application’ as pictured below is what needs to be used. There is a different Object ID as part of the App Registration that will not work for this purpose.
- Then click on Assign Users and Groups
- Add the AD users that are to be users of SimplyAP. Users can be added directly to the application. Groups can also be added to the application, and the users that are in those groups will become SimplyAP users. Please note that a corresponding Group object will not be created in SimplyAP, just the users within the group.
- Note that each user must have a value for Email Address in Active Directory to be used with SimplyAP
Verify Connection Status in SimplyAP
- Once the values have been filled in, the Identity Provider page should look similar to the one below
- Click on the blue Save button at the bottom of the page
- If the connection is successful, the Status indicator at the top-right of the page will turn green and show Connected, and the users that were added to the Enterprise application in the earlier step can be imported to SimplyAP in the Users section of the administrative area.
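A pre-flight check for the settings described above, as an added example that is not part of the SimplyAP documentation or product. It assumes the App Registration, Enterprise Application and assigned users have been exported as Microsoft Graph JSON; the audit function, the sample data and the mapping of Email Address to the Graph mail property are assumptions.

```python
from datetime import datetime, timezone

# Redirect URI given in the instructions above.
EXPECTED_REDIRECT = "https://en-simplyap-prod.firebaseapp.com/__/auth/handler"

def audit(app, sp, users, entered_object_id, now=None):
    """Return a list of findings; an empty list means every check passed."""
    now = now or datetime.now(timezone.utc)
    findings = []
    uris = app.get("web", {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("redirect URI from the instructions is missing")
    for extra in sorted(set(uris) - {EXPECTED_REDIRECT}):
        findings.append(f"unexpected redirect URI: {extra}")
    # SimplyAP needs the Enterprise Application (service principal) id,
    # not the App Registration's own object id.
    if entered_object_id == app["id"]:
        findings.append("Object ID is the App Registration's")
    elif entered_object_id != sp["id"]:
        findings.append("Object ID matches neither object")
    if sp["appId"] != app["appId"]:
        findings.append("Enterprise Application has a different Client ID")
    live = [c for c in app.get("passwordCredentials", [])
            if datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00")) > now]
    if not live:
        findings.append("no unexpired client secret")
    for u in users:
        if not u.get("mail"):  # assumption: 'Email Address' is Graph 'mail'
            findings.append(f"user without email: {u['userPrincipalName']}")
    return findings

# Constructed sample data: placeholder GUIDs, not real tenant values.
APP = {
    "id": "aaaaaaaa-0000-0000-0000-000000000001",
    "appId": "cccccccc-0000-0000-0000-000000000003",
    "web": {"redirectUris": [EXPECTED_REDIRECT, "http://localhost:8080/cb"]},
    "passwordCredentials": [{"endDateTime": "2024-01-01T00:00:00Z"}],
}
SP = {"id": "bbbbbbbb-0000-0000-0000-000000000002", "appId": APP["appId"]}
USERS = [
    {"userPrincipalName": "ana@example.com", "mail": "ana@example.com"},
    {"userPrincipalName": "svc@example.com", "mail": None},
]

if __name__ == "__main__":
    # Deliberately passes the wrong (App Registration) Object ID.
    for finding in audit(APP, SP, USERS, APP["id"]):
        print("FINDING:", finding)
```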