This article walks you through setting up single sign-on to AudioEye using Azure's Active Directory and Microsoft Entra.
Configuring SSO with AudioEye requires you to provide three pieces of information from Azure:
- Application ID
- Client Secret
- OpenID Connect URL
This guide will show you how to set up SSO in Azure's Active Directory and obtain the information you need to provide to AudioEye.
Please Note: This guide assumes that:
- The client will configure their SSO to use a single tenancy – Default Directory only - Single tenant
- Users managed by the client will have their email set under their profiles. This is editable in the Entra ID portal. If this is not the case, AudioEye will not be able to resolve the user’s email and will automatically generate a fake email address.
Step 1: Register AudioEye as a Web App with Azure
- Log into Microsoft Azure
- Navigate to Microsoft Entra ID
- Navigate to App registrations under the Manage section of the left-hand menu.
- Click on the New registration button to open the registration form.
- Enter a display Name for your application. Note: Users of the application may see the display name when they use the app, for example during sign-in.
- Specify who can use the application, selecting the “Accounts in this organizational directory only” option.
- Under Redirect URI:
  - Select Web as the option in the first dropdown field
  - Enter https://auth.audioeye.com/oauth2/idpresponse for the redirect URI value
- Click on the Register button to create the app.
Once Azure has created the app, you'll be redirected to the app Overview page. Do not navigate away - next steps will proceed from here.
Step 2: Configure the Application & Create a Client Secret
- In the left-hand menu, under the Manage section, navigate to Authentication.
  - Find the Front-channel logout URL text field
  - Click Save
- Next, navigate to Certificates & Secrets, also under Manage in the left-hand navigation.
- Click on the Client Secrets tab.
- Click on the + New client secret button.
- Add a description for your client secret.
- Select an expiration for the secret or specify a custom lifetime.
- Click Add
- Azure will now display the secrets listing page, and you should see the newly created secret displayed. Do not navigate away. You need to copy the secret now, because it will disappear forever once you leave this page.
  - Click the Copy to clipboard button next to the Value record.
  - Save this value in a text editor. This value will need to be given to AudioEye after the process is complete.
Step 3: Grant the App API Permissions
- While still in the view of the application you just created, click on the API permissions menu item.
- Click on the + Add a permission button.
- Under Select an API click on the Microsoft Graph option.
- Click on Delegated Permissions.
- Under OpenId permissions check the email, openid, and profile items.
- Click Add Permissions.
Step 4: Collect App information to send to AudioEye
At this stage the SSO configuration has been completely set up in Azure. Now AudioEye will need to complete the configuration on our end, which requires some information from your SSO setup.
Use the steps below to retrieve the Application ID, Application Secret, OIDC URL and Domains, and replace the values below with your own in a text file that can be sent to your AudioEye account manager.
Application ID: ae200aed-3041-41ba-bf42-ddee110eccf9
Application Secret: y9X8Q~VEe4~3GY_WfP9gobNXaYfmcvXgUKIzubq5
OIDC URL: https://login.microsoftonline.com/3384d6d9-8416-44a5-aa3b-7b2e07f4c777/v2.0/.well-known/openid-configuration
Domains: my-domain.com, my-domain.org
- To retrieve the Application ID, while still in the view of the application you created, click on the Overview menu item near the top left under the search bar.
  - The Application ID will be displayed as one of the properties. Use the copy to clipboard icon and paste the Application ID into the same text editor you used to store the client secret.
- To retrieve the OIDC URL, in the Overview screen (from the previous step) you should see an Endpoints button to the right of the search bar. Click on that Endpoints button.
  - Find the OpenID Connect metadata document URL and copy the link.
  - Paste the link into the same text editor you used to store the client secret and app ID.
- Finally, take the values you copied for the Application ID, Secret, and OpenID URL and copy them into a text file formatted as laid out above.
- Under Domains, enter the email domains used for company accounts that you plan to have accessing AudioEye. If you have more than one, specify them as a comma-separated list.
- Once complete, save the file and send it to your AudioEye account manager so that AudioEye can complete the SSO setup on our end.
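A pre-send check for the text file described in Step 4, as an added example that is not AudioEye's or Microsoft's code. It assumes the four-label layout shown above and the login.microsoftonline.com host from the sample URL; the function names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
OIDC_PATH = re.compile(r"^/([^/]+)/v2\.0/\.well-known/openid-configuration$")
DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
FIELDS = ("Application ID", "Application Secret", "OIDC URL", "Domains")

# Constructed sample with three typical copy mistakes (not real values).
SAMPLE = """\
Application ID: 11111111-2222-3333-4444-555555555555
Application Secret: 66666666-7777-8888-9999-000000000000
OIDC URL: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Domains: my-domain.com, @my-domain.org
"""

def parse_handoff(text):
    """Collect the 'Label: value' lines of the hand-off file into a dict."""
    values = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip() in FIELDS:
            values[label.strip()] = value.strip()
    return values

def check_handoff(text):
    """Return a list of problems; an empty list means the file is consistent."""
    v = parse_handoff(text)
    problems = [f"missing field: {f}" for f in FIELDS if not v.get(f)]
    if problems:
        return problems
    if not re.fullmatch(GUID, v["Application ID"]):
        problems.append("Application ID is not a GUID")
    # Assumption: a GUID in the secret field means the Secret ID column was copied.
    if re.fullmatch(GUID, v["Application Secret"]):
        problems.append("Application Secret looks like the Secret ID, not the Value")
    url = urlparse(v["OIDC URL"])
    m = OIDC_PATH.match(url.path)
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com" or not m:
        problems.append("OIDC URL is not a v2.0 metadata document URL")
    elif not re.fullmatch(GUID, m.group(1)):
        # A non-GUID tenant segment such as "common" is a multi-tenant endpoint.
        problems.append("OIDC URL tenant segment is not a tenant GUID")
    for d in (d.strip().lower() for d in v["Domains"].split(",")):
        if not DOMAIN.match(d):
            problems.append(f"invalid email domain: {d!r}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_handoff(SAMPLE)) or "hand-off file looks consistent")
```

The tenant check reflects the single-tenant assumption stated at the top of this guide.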