Azure AD

Azure Active Directory (Azure AD, since renamed Microsoft Entra ID) is Microsoft's cloud-based identity and access management service. It supports OAuth 2.0 and OpenID Connect, which let a user authorize a third-party application (here, PlexTrac) to sign them in and act on their Azure AD resources without the application ever receiving their Azure AD username and password.

OAuth is token-based: the user signs in at Azure AD, grants the application permission to specific resources, and Azure AD issues the application tokens (an ID token that identifies the user, plus an access token for the authorized resources). The application presents those tokens instead of the user's credentials, so it never handles the password and the user is not prompted again until the token expires.

Configuring Azure AD

Step 1: Log in at https://portal.azure.com/#home.

Step 2: Click Azure Active Directory under the "Azure services" section.

Step 3: Copy the Directory (tenant) ID value and save it for later.

Step 4: Click App registrations from the left menu bar.

Step 5: Click New Registration.

Step 6: Provide the following information:

  • Name: The user-facing display name for this application (this can be changed later)

  • Supported account type: "Accounts in this organizational directory only" (single tenant) is the most restrictive choice; use it unless users from other tenants need to sign in

  • Redirect URI: Choose "Web" from the pulldown menu, then enter the full URL of your PlexTrac instance followed by "/api/v2/authenticate/azure" (for a placeholder host, https://plextrac.example.com/api/v2/authenticate/azure). Azure AD only redirects to a URI that matches this registration exactly, so use the https scheme and the hostname users actually browse to

Step 7: Click Register at the bottom of the page.

Step 8: Copy the value for the Application (client) ID and save it for use later.

Step 9: Click Certificates & secrets from the left menu bar.

Step 10: Click New client secret.

Step 11: Enter a value for Description and select the desired expiration date. Click Add.

Once the secret expires, Azure AD rejects PlexTrac's token requests and Azure logins fail. Record the expiry date and rotate the secret before then: create a new secret, update it in PlexTrac, then delete the old one.

Step 12: The new secret appears on the page. Copy the "Value" (not the "Secret ID") for use later.

Client secret values cannot be viewed except immediately after creation. Be sure to save the secret when created before leaving the page.

Step 13: Click Token configuration from the left menu bar.

Step 14: Click Add optional claim.

Step 15: Choose "ID" for the Token type, then select "email" from the list of options that appears after clicking "ID." Click Add. This puts the user's email address in the ID token that PlexTrac receives at login.

Step 16: Navigate to the Azure Active Directory home page and click Users from the left nav bar.

Step 17: Validate that the desired users exist in the list. Add new users as needed.

Users who are not members of the organization must be invited by clicking New guest user. To accept the invitation, they will need a Microsoft account.

Step 18: Log in to PlexTrac as an admin.

Step 19: Navigate to the Account Admin page. Click Security under "Security & User Management."

Step 20: Click Authentication Methods under "Authentication."

Step 21: From the OAuth Providers tab, select "Azure" from the dropdown menu "Authentication Providers."

Step 22: Enter the appropriate values for the following fields:

  • Provider Tenant ID: Enter the "Directory (tenant) ID" value copied in Step 3.

  • Identifier: Enter the "Application (client) ID" value copied in Step 8.

  • Secret: Enter the secret value copied in Step 12.

Step 23: Toggle on the Enabled button. Click Save.

Step 24: Return to "Security & User Management" and click Users.

Step 25: Under the column header "Authentication Provider," select the desired user and change the value to "Azure."

Each user has to be configured individually; a user whose provider is not set to "Azure" continues to use their previous login method.
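To make the moving parts concrete, here is an added example (it is not PlexTrac's code and not a Microsoft library) showing, from the relying party's side, where the three values saved above are used in the sign-in flow described at the top of this page: the browser is sent to the tenant's authorize endpoint, the returned authorization code is redeemed at the token endpoint together with the client secret, and the resulting ID token is accepted only if its claims match the tenant, the client ID and the per-login nonce and carry the email claim added in the token configuration steps. The tenant ID, client ID, secret, redirect hostname and token are all constructed placeholders. The example validates claims only; a real deployment must also verify the RS256 signature against the tenant's published signing keys and must send the token request over HTTPS.

```python
"""Relying-party view of an Azure AD (OpenID Connect) login.

Constructed example: every identifier, the redirect host and the token
below are placeholders, not real PlexTrac or Azure values.
"""
import base64
import json
import time
from typing import Optional
from urllib.parse import urlencode

# Values copied out of the Azure portal during app registration (placeholders).
TENANT_ID = "11111111-2222-3333-4444-555555555555"        # Directory (tenant) ID
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"        # Application (client) ID
CLIENT_SECRET = "placeholder-client-secret-value"         # secret "Value", not "Secret ID"
REDIRECT_URI = "https://plextrac.example.com/api/v2/authenticate/azure"

# Single-tenant authority: tokens from any other tenant are rejected below.
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"


def authorize_url(state: str, nonce: str) -> str:
    """Front-channel redirect that starts the login; state and nonce must be random per attempt."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,        # must match the registered Web redirect URI exactly
        "response_mode": "query",
        "scope": "openid email profile",
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?" + urlencode(params)


def token_request(code: str) -> tuple:
    """Back-channel POST (endpoint, form body) that redeems the code using the client secret."""
    body = {
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,      # only ever sent server-to-server
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }
    return f"{AUTHORITY}/oauth2/v2.0/token", body


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def check_id_token_claims(id_token: str, expected_nonce: str, now: Optional[float] = None) -> dict:
    """Accept the ID token only if its claims bind it to this tenant, app and login attempt.

    Signature verification (RS256, keys from the tenant's JWKS) is a required
    additional step in production; it is omitted so this example runs offline.
    """
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    header = json.loads(_b64url_decode(parts[0]))
    claims = json.loads(_b64url_decode(parts[1]))

    if header.get("alg") != "RS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")   # rejects 'none' and HMAC downgrades
    if claims.get("iss") != f"{AUTHORITY}/v2.0" or claims.get("tid") != TENANT_ID:
        raise ValueError("token was not issued by our tenant")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was issued to a different application")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch: replayed or injected token")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token is expired or not yet valid")
    if not claims.get("email"):
        raise ValueError("email claim missing: add the optional 'email' claim to the ID token")
    return claims


def rejection_reason(id_token: str, expected_nonce: str, now: Optional[float] = None) -> Optional[str]:
    """None if the token's claims are acceptable, otherwise why it was rejected."""
    try:
        check_id_token_claims(id_token, expected_nonce, now)
        return None
    except ValueError as exc:
        return str(exc)


def make_unsigned_token(claims: dict) -> str:
    """Constructed token for the offline check: header claims RS256, signature is fake."""
    return f"{_b64url_encode({'typ': 'JWT', 'alg': 'RS256', 'kid': 'fake'})}.{_b64url_encode(claims)}.fakesig"


if __name__ == "__main__":
    now = int(time.time())
    claims = {"iss": f"{AUTHORITY}/v2.0", "tid": TENANT_ID, "aud": CLIENT_ID, "nonce": "n1",
              "nbf": now - 60, "exp": now + 3600, "sub": "user-oid", "email": "analyst@example.com"}
    print(authorize_url(state="s1", nonce="n1"))
    print(rejection_reason(make_unsigned_token(claims), "n1"))                  # None: accepted
    print(rejection_reason(make_unsigned_token(dict(claims, email="")), "n1"))  # email claim missing
```

The email check is the code-level reason for the token configuration steps above: without the optional claim, the tenant issues a perfectly valid ID token that carries no address to match against the PlexTrac user, and the login has nothing to map to. The tenant check is why a single-tenant registration is the safe default: a token minted by any other Azure AD tenant has a different `iss` and `tid` and is refused.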

© 2024 PlexTrac, Inc. All rights reserved.