Microsoft Azure Active Directory Identity Provider

1. Set up App Integration in Azure AD

1.1. Prerequisites

  1. Log in to your Turbomechanica account with the user email provided by Mechademy.

  2. In the left panel of the Turbomechanica dashboard, click the Settings icon > Organization > Integrations, click the info icon in the top right corner, and select Azure AD as the integration type.

  3. Note the identity provider Sign-in Redirect URI; it is needed in the later steps that create the app integration.

1.2. Create App Integration

  1. Log in to the Azure AD Portal.

  2. In the left panel, under Manage, click App Registrations in the side menu.

  3. In Azure AD App Registrations, click New Registration.

  4. Enter the name Turbomechanica for your application.

  5. Select Accounts in this organizational directory only (Single tenant).

  6. Under Redirect URI, select Web and enter the value given in Step 7.

  7. Follow the steps and provide the following mandatory configuration setting for this connection:

     Field                  Description
     Sign-in Redirect URI   To obtain the value, follow the instructions in Step 3 of the 1.1 Prerequisites section above.

  8. Click "Register".

  9. You should now see the newly created app on the Overview screen. Copy the Application (client) ID from the Overview screen of your newly created app registration; we'll need it later.

1.3. Create The Client Secret In Azure AD

  1. In the left panel, under Manage, select "Certificates & secrets" in the App registration side menu.

  2. Click the “New client secret” button in the “Client secrets” section.

  3. You should now see the Client Secret creation dialog. Enter a description and select an expiry period according to your security policy.

  4. Click the “Add” button.

  5. Copy the client secret Value; we'll need it later. (Client secret values cannot be viewed again after creation, so save the secret before leaving the page.)

  6. You should now see the new client secret listed in the “Client Secrets” section.

1.4. Configure API Permissions

  1. On the Overview screen of the newly created app, in the left panel under Manage, click API permissions.

  2. On the API permissions screen, click Add a permission.

  3. Under Microsoft APIs, click Microsoft Graph.

  4. Click Delegated permissions.

  5. In the search field under the "Select permissions" heading, enter "Directory.Read.All". Tick the checkbox next to the "Directory.Read.All" permission.

  6. Click the "Add permissions" button.

  7. You should now see the Directory.Read.All and User.Read delegated permissions listed under Microsoft Graph.
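Sections 1.2 to 1.4 together define what the Azure AD app registration should look like: single tenant, an exact Web redirect URI, the two delegated Microsoft Graph scopes, and a client secret whose expiry you chose deliberately. The script below is an added example, not part of this guide or of Mechademy's software. It checks a registration manifest in the Microsoft Graph `application` object shape (the same JSON that `az ad app show --id <appId>` prints) against those requirements and reports anything that deviates, including a secret that has expired or is about to. The manifest, the redirect URI and the client ID in it are constructed placeholders; the function name `check_registration` is this example's own, and the Graph scope GUIDs are the published Microsoft values as the author of the example knows them, marked as assumptions in the code.

```python
"""Added example (not part of the Mechademy guide): sanity-check an Azure AD
app registration manifest against the settings the steps above require."""
import json
from datetime import datetime, timedelta, timezone

# Microsoft Graph's well-known application ID, the same in every tenant.
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
# Delegated permission (scope) IDs for Microsoft Graph.  Assumed from the
# published Microsoft values; the guide itself does not list them.
DIRECTORY_READ_ALL = "06da0dbc-49e2-44d2-8312-53f166ab848a"
USER_READ = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"

# Constructed sample manifest with placeholder IDs and redirect URI.
SAMPLE_REDIRECT_URI = "https://example-tenant.turbomechanica.example/sso/callback"
SAMPLE_MANIFEST = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "Turbomechanica",
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://example-tenant.turbomechanica.example/sso/callback"]},
  "requiredResourceAccess": [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [
       {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
       {"id": "06da0dbc-49e2-44d2-8312-53f166ab848a", "type": "Scope"}
     ]}
  ],
  "passwordCredentials": [
    {"displayName": "turbomechanica-sso", "endDateTime": "2030-01-01T00:00:00Z"}
  ]
}
""")


def _parse_time(iso: str) -> datetime:
    # Graph emits RFC 3339 timestamps with a trailing Z; fromisoformat on
    # older Pythons needs the explicit offset form.
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def check_registration(manifest, expected_redirect_uri, now_iso=None, warn_days=30):
    """Return a list of findings.  An empty list means the registration
    matches the guide: single tenant, the exact redirect URI registered over
    HTTPS, both delegated Graph scopes present, no application-level roles,
    and no client secret expired or expiring within warn_days."""
    findings = []
    now = _parse_time(now_iso) if now_iso else datetime.now(timezone.utc)

    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not single tenant (AzureADMyOrg)")

    uris = manifest.get("web", {}).get("redirectUris", [])
    if expected_redirect_uri not in uris:  # exact string match, never prefix
        findings.append(f"redirect URI {expected_redirect_uri} not registered")
    for uri in uris:
        if not uri.startswith("https://"):
            findings.append(f"non-HTTPS redirect URI registered: {uri}")

    # Collect (id, type) pairs requested from Microsoft Graph only.
    granted = {
        (access["id"], access["type"])
        for resource in manifest.get("requiredResourceAccess", [])
        if resource.get("resourceAppId") == MS_GRAPH_APP_ID
        for access in resource.get("resourceAccess", [])
    }
    for name, scope_id in (("Directory.Read.All", DIRECTORY_READ_ALL),
                           ("User.Read", USER_READ)):
        if (scope_id, "Scope") not in granted:
            findings.append(f"delegated Graph permission {name} missing")
    if any(kind == "Role" for _, kind in granted):
        findings.append("application (Role) permissions present; the guide only needs delegated scopes")

    for cred in manifest.get("passwordCredentials", []):
        end = _parse_time(cred["endDateTime"])
        label = cred.get("displayName", "<unnamed>")
        if end <= now:
            findings.append(f"client secret {label} has expired")
        elif end - now < timedelta(days=warn_days):
            findings.append(f"client secret {label} expires within {warn_days} days")
    return findings


if __name__ == "__main__":
    for finding in check_registration(SAMPLE_MANIFEST, SAMPLE_REDIRECT_URI):
        print("FINDING:", finding)
```

Feed it the real manifest by piping `az ad app show --id <appId>` into `json.load` in place of the sample, and pass the Sign-in Redirect URI noted in step 3 of 1.1 as `expected_redirect_uri`. The exact-match test on the redirect URI is deliberate: the authorization server compares the full string, so a stray trailing slash or an `http://` entry is a misconfiguration worth catching before users hit it.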

2. Set up the Azure AD Integration in Turbomechanica

  1. Log in to your Turbomechanica account with the user email provided by Mechademy.

  2. In the left panel of the Turbomechanica dashboard, click the Settings icon > Organization > Integrations, then click Add Integration in the top right corner.

  3. Enter 'AzureAD' as the Integration Name, select 'Azure AD' as the Integration Type and click Next.

  4. Follow the steps and provide the following mandatory configuration settings for this connection:

     Field             Description
     Azure AD Domain   Your Azure AD domain.
     Client ID         To obtain the value, follow the instructions in Step 9 of the 1.2 Create App Integration section above.
     Client Secret     To obtain the value, follow the instructions in Step 5 of the 1.3 Create The Client Secret In Azure AD section above.
     Domain Aliases    Your company's domain as used in email addresses. The user's email domain is compared to this value; if it matches, the user is redirected to the identity provider.

  5. Click Save. Your integration is now complete. Well done!

3. Test the Integration

  1. To test the user login process, create a test user in your Microsoft Azure AD account with your company's email domain (the email domain must match the value entered in Domain Aliases in the section above).

  2. Assign the test user permission to access the newly created app.

  3. Go to your Turbomechanica domain. This time, log in with the test user's Azure AD credentials; you should be redirected to the Azure AD SSO page.

Note: If redirection does not happen, check that the email address domain matches the Domain Aliases value entered in the previous steps.
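The Domain Aliases rule in section 2 and the troubleshooting note above both come down to one comparison: the domain part of the address the user typed against the configured alias list. The code below is an added example, not Turbomechanica's own routing logic, showing how that check should behave to avoid the usual pitfalls: it normalises case, whitespace and a trailing dot, and it requires an exact domain match so that a lookalike such as `example.com.attacker.net` or `notexample.com` is not sent to the identity provider. The alias list, the integration name and the function names (`resolve_integration`, `email_domain`) are constructed for the example.

```python
"""Added example (not the product's own code): home-realm discovery that
mirrors the Domain Aliases rule, with exact-match semantics."""
from typing import Dict, List, Optional

# Constructed configuration: one Azure AD integration with two aliases.
INTEGRATIONS: Dict[str, List[str]] = {
    "AzureAD": ["example.com", "Example.co.uk"],
}


def normalise_domain(domain: str) -> str:
    """Lower-case, trim whitespace and a trailing dot, then IDNA-encode so a
    Unicode alias and ASCII user input compare on equal terms."""
    cleaned = domain.strip().rstrip(".").lower()
    return cleaned.encode("idna").decode("ascii")


def email_domain(email: str) -> Optional[str]:
    """Domain part of a user@domain address, or None if the input is not one."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    try:
        return normalise_domain(domain)
    except UnicodeError:  # label too long or otherwise not IDNA-encodable
        return None


def resolve_integration(email: str,
                        integrations: Dict[str, List[str]] = INTEGRATIONS) -> Optional[str]:
    """Name of the integration whose alias list contains the user's e-mail
    domain exactly, or None to fall back to local login.  Suffix or substring
    matching is intentionally absent: a subdomain or a lookalike domain must
    not trigger the redirect."""
    domain = email_domain(email)
    if domain is None:
        return None
    for name, aliases in integrations.items():
        if domain in {normalise_domain(alias) for alias in aliases}:
            return name
    return None


if __name__ == "__main__":
    for address in ("Alice@Example.COM", "bob@example.com.attacker.net",
                    "carol@sub.example.com", "not-an-address"):
        print(f"{address!r:40} -> {resolve_integration(address)}")
```

If a user reports not being redirected, running their address through `resolve_integration` against the configured aliases tells you immediately whether the problem is the alias value (the check in the note above) or something later in the flow.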

IdP-initiated SSO

Reference: Configure Microsoft Azure Active Directory Identity Provider