Configuring Azure AD Authentication

Set up Azure as your IDP

To configure Azure Active Directory authentication for Wayfinder, you must create an app registration via the Azure portal. You then use values from this app registration to configure Wayfinder.

1 - Create an app registration in Azure

To create an app registration for Wayfinder in Azure:

  1. Log in to the Azure portal and search for the App registrations service.

  2. Select New registration.

  3. Name it appropriately, for example Wayfinder.

  4. Under Supported account types, select Accounts in this organizational directory only if you are only allowing access to Wayfinder internally via your organization.

  5. Register the application.

  6. In the Authentication section, Add a platform via Platform configurations, selecting Web application.

  7. Add your Wayfinder API URL to Redirect URIs, for example:

    • https://api.wf.yourorg.io/oauth/callback

  8. Under Implicit grant and hybrid flows, enable the Access token issuing tickbox, and then save all changes.

  9. Go to the API permissions management tab and update the Microsoft Graph API to include the following OpenID permissions: email, offline_access and profile.

  10. Under the Certificates & secrets management tab, create a new client secret with an appropriate description to identify the client secret.

  11. Note the Value field of the client secret to use when configuring Wayfinder - this is your Client Secret.

  12. Note the Application (client) ID (this is your Client ID) and Directory (tenant) ID (this is your Tenant ID) values in the overview section of the application.

  13. Use the noted tenant ID, client ID, and client secret to configure Wayfinder.

Note

Wayfinder uses the Email field defined within an Azure AD user. Therefore, this field must be defined within each user in Azure.
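
A way to check an existing registration against steps 4, 7, 8 and 9, added here as an example and not taken from the Wayfinder documentation: it audits the JSON printed by `az ad app show --id <client-id>`. The function name, the sample data and the treatment of extra or non-https redirect URIs as findings are assumptions of this example; the GUIDs are Microsoft Graph's application ID and its delegated-permission IDs for the three scopes.

```python
from urllib.parse import urlparse

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
# Microsoft Graph delegated-permission IDs for the scopes named in step 9.
SCOPE_IDS = {
    "email": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0",
    "offline_access": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
    "profile": "14dad69e-099b-42c9-810b-d002981feec1",
}

def audit_app_registration(app, callback_url):
    """Return findings; an empty list means the registration matches the steps."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # step 4: this directory only
        findings.append(f"signInAudience is {app.get('signInAudience')!r}")
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if callback_url not in uris:  # step 7
        findings.append(f"redirect URI {callback_url} is not registered")
    for uri in uris:
        if urlparse(uri).scheme != "https" or "*" in uri:
            findings.append(f"redirect URI {uri} is not a fixed https URL")
        elif uri != callback_url:  # assumption: only the Wayfinder callback is expected
            findings.append(f"additional redirect URI {uri} needs review")
    implicit = web.get("implicitGrantSettings") or {}
    if not implicit.get("enableAccessTokenIssuance"):  # step 8
        findings.append("access token issuance is not enabled")
    graph = [r for r in app.get("requiredResourceAccess") or []
             if r.get("resourceAppId") == GRAPH_APP_ID]
    granted = {a.get("id") for r in graph for a in r.get("resourceAccess") or []
               if a.get("type") == "Scope"}  # delegated permissions only
    for name, scope_id in SCOPE_IDS.items():  # step 9
        if scope_id not in granted:
            findings.append(f"Microsoft Graph permission {name} is missing")
    return findings

CALLBACK = "https://api.wf.yourorg.io/oauth/callback"  # example URI from step 7
# Constructed sample in the shape of `az ad app show --id <client-id>` output.
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [CALLBACK, "http://localhost:8080/callback"],
            "implicitGrantSettings": {"enableAccessTokenIssuance": True}},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": SCOPE_IDS["email"], "type": "Scope"},
        {"id": SCOPE_IDS["profile"], "type": "Scope"}]}],
}

if __name__ == "__main__":
    print("\n".join(audit_app_registration(SAMPLE, CALLBACK)))
```
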

2 - Configure Wayfinder

Use the values from the app registration above to configure Wayfinder.

To complete the Azure IDP configuration in Wayfinder:

In Wayfinder's web interface:

  1. Select Admin, navigate to Access > SSO, and then click Connect for your chosen IDP provider.
  2. Click Configure, and then provide the required information.
  3. Click Validate and test.
  4. When the validation is complete, click Connect.

Note

If you change your IDP configuration to a different provider, any user who is not associated with the same email address in the new provider will lose access to their Wayfinder account.