Azure AD

Procedures to configure Plextrac to authenticate using Azure AD.

NOTE: At this time we do NOT support IDP initiated integration. This is on our roadmap but hasn't been implemented yet. Please use SP Initiated Authentication in the meantime.

  1. Login to Azure AD with your existing account ( If you don't have one, visit:

  2. Select "Portal" From the Menu Bar

  1. In the Azure Portal, select Active Directory

  2. Copy the Tenant ID on the default directory page and save for later

4. In the drop down on the left select App registrations, then click New Registration

5. Provide the following information: - A name for the application - Choose your supported account type ("Accounts in this organizational directory only" is most restrictive) - Your redirect URI. This is composed of your domain name + "/api/v2/authenticate/azure"

6. Copy the Application (client) ID and save for later

7. On the left under the "Manage" options pane, select "Certificates and Secrets"

8. Click New client secret, and fill in details. Click Add.

9. Save the client secret that is created.

10. From the "Manage" options pane, select "Token Configuration," then "+Add optional claim.

11. From the "Add optional claim" pane, first select "ID," then "Email" from the options that appear. Select "Add" at the bottom when complete.

12. Ensure that any required users are added to your Azure AD by navigating to Default Directory > Users:

Add new users as required.

Users who are not a member of your organization must be invited. In order for them to accept this invitation, they will need to have a Microsoft account. Users who do not have a Microsoft account can create one, then accept the invitation.

13. Login to Plextrac as a global admin or tenant admin

11. Navigate to the "Account Admin" section by clicking on your profile in the top right

12. Click on Authentication on the left, and then pick Azure from the dropdown.

13. Fill in the fields using the previously saved information. For the Provider URL enter:

14. Under the users tab on the left, non global admin users can now be authorized to use Azure as an authentication provider.