Azure Integration

This guide provides step-by-step instructions on integrating Microsoft Azure Active Directory (Azure AD) as an identity provider for your Project.

Prerequisites

  • An Azure account with access to Azure Active Directory. If you don't have one, you can sign up at Azure.

Steps to Integrate Azure AD

  1. Register a New Application in Azure AD
    • Log in to the Azure Portal.
    • Navigate to "Azure Active Directory" > "App registrations".
    • Click on "New registration".
    • Provide a name for your application.
    • Set the "Supported account types" based on your requirements.
    • Under "Platform", select "Web".
    • Leave the redirect URI empty for now; it is added in step 4.
    • Click "Register".
  2. Copy the configuration information
    • After registering the application, navigate to the "Overview" tab.
    • Copy the "Application (client) ID".
    • Copy the "Directory (tenant) ID".
    • Click "Endpoints".
    • Copy the following URLs:
      • OAuth 2.0 authorization endpoint (v2): URL for authorization requests.
      • OAuth 2.0 token endpoint (v2): URL for token requests.
      • JSON Web Key Set URL: this has the format https://login.microsoftonline.com/[directory-tenant-id]/discovery/v2.0/keys
  3. Create IdentityProvider Resource in Haste Health
    • Go to the Haste Health Admin App for your tenant.
    • Navigate to the system project.
    • Click Identity Provider
    • Click New
    • Provide the following details:
      • Name: A friendly name for the identity provider (e.g., AzureAD).
      • Status: Set to active.
      • Access Type: Set to oidc.
      • Authorization_endpoint: The OAuth 2.0 authorization endpoint copied from Azure.
      • Token_endpoint: The OAuth 2.0 token endpoint copied from Azure.
      • Jwks_uri: The JSON Web Key Set URL copied from Azure.
      • Scopes: Specify the scopes required for your application (e.g., openid profile email); the openid scope is required to verify the user.
      • Client ID: The Application (client) ID copied from Azure.
      • Client Secret: You will need to create a client secret in Azure:
        • In the Azure portal, navigate to "Certificates & secrets" under your registered application.
        • Click on "New client secret", provide a description and expiration period, then click "Add".
        • Copy the generated client secret value and paste it into the Client Secret field in Haste Health.
      • Enable PKCE: Azure supports PKCE for public clients by default; enable this option for enhanced security and use S256 as the code challenge method.
      • Click Create to save the new Identity Provider configuration.
  4. Add Redirect URI in Azure AD
    • Go back to your Azure AD application settings.
    • Navigate to "Authentication" under "Manage".
    • In the "Redirect URIs" section, add a new redirect URI for your Haste Health tenant: https://[haste-health-host]/w/[my-tenant]/system/api/v1/oidc/federated/[idp-resource-id]/callback
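As an added example (not code from this guide or from Haste Health), the Python below checks an IdentityProvider record shaped like the one from step 3 and builds the PKCE-protected (S256) authorization request whose code is delivered to the step 4 callback URL. The tenant ID, client ID, host and resource ID are placeholders, and the authorize/token endpoint paths are assumed to follow Azure's standard v2.0 format as shown in the Endpoints pane.

```python
import base64
import hashlib
from urllib.parse import urlencode

# Constructed sample of the step 3 record; tenant ID, client ID, host and resource ID are placeholders.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
AZURE_BASE = f"https://login.microsoftonline.com/{TENANT_ID}/"
SAMPLE_IDP = {
    "authorization_endpoint": AZURE_BASE + "oauth2/v2.0/authorize",
    "token_endpoint": AZURE_BASE + "oauth2/v2.0/token",
    "jwks_uri": AZURE_BASE + "discovery/v2.0/keys",
    "scopes": "openid profile email",
    "client_id": "11111111-1111-1111-1111-111111111111",
    "pkce_enabled": True,
    "pkce_method": "S256",
}
# Callback URL in the format step 4 registers in Azure (placeholder host, tenant and resource id).
REDIRECT_URI = "https://haste.example.com/w/my-tenant/system/api/v1/oidc/federated/idp-id/callback"


def check_idp_config(idp):
    """Return the problems found in an IdentityProvider record; an empty list means it looks right."""
    problems = []
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not idp[key].startswith(AZURE_BASE):  # all three must belong to the same tenant
            problems.append(f"{key} does not point at tenant {TENANT_ID}")
    if "openid" not in idp["scopes"].split():
        problems.append("scopes must include openid")
    if idp["pkce_enabled"] and idp["pkce_method"] != "S256":
        problems.append("PKCE code challenge method must be S256")
    return problems


def s256_challenge(code_verifier):
    """RFC 7636 S256: BASE64URL(SHA256(verifier)) with the padding stripped."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(idp, redirect_uri, state, code_verifier):
    """Authorization request for the code flow; keep the verifier for the later token request."""
    params = {
        "client_id": idp["client_id"],
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": idp["scopes"],
        "state": state,  # binds the callback to this login session
        "code_challenge": s256_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return idp["authorization_endpoint"] + "?" + urlencode(params)
```

The redirect_uri in the request must match the value registered in step 4 exactly, or Azure rejects the request.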