In addition to SAML, FastDraft also supports OAuth connections to Azure AD for SSO. To enable SSO in FastDraft using OAuth, the customer is required to create a new App Registration within Azure AD/Entra ID.
Creating a new App Registration in Azure/Entra ID
1. Log in to your account at https://portal.azure.com
2. Search for and open the Microsoft Entra ID module.
3. Select the 'App Registrations' blade to view existing app registrations and add new ones. Below is a list of the existing app registrations as an example.
4. To create a new app registration click the New Registration button above the list of current app registrations.
5. Provide the below information (see important notes below) and click Save.
Note:
- Ensure you select the correct API access option. The recommended option here is the second option. This will allow users in your tenant, both internal and external, as well as support staff from Built Intelligence's tenant to access your instance of FastDraft.
- The redirect URI will be specific to your instance of FastDraft. For example, if your instance of FastDraft is hosted at https://customerX.builtintelligence.com then the redirect URI will be: https://customerX.builtintelligence.com/auth/callback/fastdraftssoazuread
- In order to support your instances of FastDraft, Built Intelligence staff will require guest/external accounts within your tenant. To invite external/guest users to your tenant, please read this document.
6. The next step is to ensure the correct claims are exchanged between FastDraft and the customer's IdP (Azure AD). To add the required claims, perform the following steps:
- Open the newly created App Registration
- Select the API permissions blade
- Be sure to configure the below permissions
7. The next step is to create the client secret for the app registration. Select the Certificates and secrets blade and then New client secret.
8. Enter the name of the secret and an expiration period. We recommend 12 months, but this will depend on your security requirements.
Note: You are required to notify Built Intelligence when the secret is due to expire. If the secret expires and Built Intelligence has not been notified of the new secret, users will not be able to log in to FastDraft.
9. The final step is to provide Built Intelligence with the below information:
- Tenant Id (available from the overview blade of the new app registration)
- Client/Application Id (available from the overview blade of the new app registration)
- Client Secret (available after creating the new secret)
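The expiry note in step 8 can be backed by a scheduled check. The following is an added example, not part of the original article or of FastDraft: it flags client secrets on the app registration that are expired or close to expiry, so the replacement secret can be sent to Built Intelligence in time. It assumes the input is the JSON printed by `az ad app credential list --id <client-id>` (Microsoft Graph passwordCredential fields); the sample data, function names and 30-day warning window are assumptions made for the example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of Microsoft Graph passwordCredential objects,
# as printed by `az ad app credential list --id <client-id>`. All values are made up.
SAMPLE_JSON = """
[
  {"displayName": "fastdraft-sso-2024", "keyId": "00000000-0000-0000-0000-000000000001",
   "startDateTime": "2024-03-01T09:00:00Z", "endDateTime": "2025-03-01T09:00:00Z"},
  {"displayName": "fastdraft-sso-2025", "keyId": "00000000-0000-0000-0000-000000000002",
   "startDateTime": "2025-02-10T09:00:00.1234567Z", "endDateTime": "2026-02-10T09:00:00.1234567Z"},
  {"displayName": null, "keyId": "00000000-0000-0000-0000-000000000003",
   "startDateTime": "2023-01-15T09:00:00Z", "endDateTime": "2024-01-15T09:00:00Z"}
]
"""

def parse_graph_time(value):
    """Parse a UTC timestamp, dropping fractional seconds and the trailing Z (assumes UTC)."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(credentials, now, warn_days=30):
    """Return (name, keyId, state, days_left) for every secret, soonest expiry first."""
    rows = []
    for cred in credentials:
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            state = "EXPIRED"   # logins relying on this secret already fail
        elif end - now <= timedelta(days=warn_days):
            state = "ROTATE"    # create a new secret and hand it over now
        else:
            state = "OK"
        rows.append((cred.get("displayName") or "(unnamed)", cred["keyId"], state, days_left))
    return sorted(rows, key=lambda r: r[3])

def needs_action(credentials, now, warn_days=30):
    """True when no secret remains valid beyond the warning window."""
    return all(state != "OK" for _, _, state, _ in secret_status(credentials, now, warn_days))

if __name__ == "__main__":
    creds = json.loads(SAMPLE_JSON)
    for row in secret_status(creds, datetime.now(timezone.utc)):
        print(*row)
```

The listing returns secret metadata only, not the secret value, so the report can be shared with whoever schedules the rotation.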