orchestrator
2021.10
Configuring SSO: Azure Active Directory
OUT OF SUPPORT
Orchestrator User Guide
Last updated Oct 31, 2024
If you enable the Azure AD integration at the host level, as described on this page, you cannot enable it at the organization/tenant level.
The host-level integration enables SSO only. When enabled at the organization/tenant level, the integration provides SSO as well as directory search and automatic user provisioning.
Note: The steps below are a broad description of a sample configuration. For more detailed instructions, see the Microsoft documentation for configuring Azure AD as an authentication provider.
- Log in to the Azure portal as an administrator.
- Go to App Registrations, and click New Registration.
- In the Register an application page, fill in the Name field with a name for your Orchestrator instance.
- In the Supported account types section, select Accounts in this organizational directory only.
- Set the Redirect URI by selecting Web from the drop-down list and filling in the URL of your Orchestrator instance, plus the suffix /identity/azure-signin-oidc. For example, https://baseURL/identity/azure-signin-oidc.
- At the bottom, select the ID tokens checkbox.
- Click Register to create the app registration for Orchestrator.
- Save the Application (Client) ID to use it later.
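The following check is an added example, not part of the UiPath guide: it audits an exported app registration against the settings chosen in the steps above (single-directory accounts, the Orchestrator callback as the only redirect URI, ID tokens enabled). It assumes the registration is available as a Microsoft Graph application object, for instance the JSON printed by az ad app show; the sample JSON, the host name orchestrator.example.com and the function name audit_registration are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

CALLBACK_SUFFIX = "/identity/azure-signin-oidc"  # suffix given in the steps above

# Constructed sample of a Microsoft Graph "application" object (trimmed),
# deliberately misconfigured so that the audit has something to report.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "Orchestrator (example)",
  "signInAudience": "AzureADMultipleOrgs",
  "web": {
    "redirectUris": [
      "https://orchestrator.example.com/identity/azure-signin-oidc",
      "http://orchestrator.example.com/identity/azure-signin-oidc"
    ],
    "implicitGrantSettings": {"enableIdTokenIssuance": false}
  }
}
""")


def audit_registration(app, base_url):
    """Return a list of findings; an empty list means the registration matches the steps."""
    findings = []
    expected = base_url.rstrip("/") + CALLBACK_SUFFIX
    # "Accounts in this organizational directory only" is stored as AzureADMyOrg.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience: not limited to this organizational directory")
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if expected not in uris:
        findings.append("redirect: expected URI missing: " + expected)
    for uri in uris:
        # Every reply URL is a place the sign-in response can be delivered,
        # so anything besides the one HTTPS callback is reported.
        if urlsplit(uri).scheme != "https":
            findings.append("redirect: non-HTTPS URI: " + uri)
        elif uri != expected:
            findings.append("redirect: unexpected extra URI: " + uri)
    if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        findings.append("tokens: ID tokens checkbox not selected")
    return findings


if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, "https://orchestrator.example.com"):
        print(finding)
```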
Now that Orchestrator is integrated with Azure AD Sign-In, user accounts that have a valid Azure AD email address can use the Azure AD SSO option on the Login page to sign in to Orchestrator.
Each administrator must do this for their organization/tenant if they want to allow login with Azure AD SSO.
- Log in to Orchestrator as an administrator.
- Add local user accounts for your users, each with a valid Azure AD email address.