Configuring SSO via the Enhanced Web Interface: Microsoft Azure
2025-02-05
Version 1.1
If you don't have an account in Azure AD, you can register for a free account here: https://azure.microsoft.com/
Obtain the redirectUri for the account by adding your account ID at the end of the below redirectUri:
https://auth.eagleeyenetworks.com/login/oauth2/code/<account ID>
Log in to the Azure console (https://portal.azure.com/#home) and navigate to Manage Microsoft Entra ID (previously known as Azure ID).
Go to App Registrations in the left panel and create a new registration.
Provide the following information under the Register an Application wizard:
Name the application.
Set the Supported Account Type to Accounts in this Organizational Directory Only.
Use the redirectURI as obtained in Prerequisites.
On the Application Overview screen, create a client credential using the
Add a Certificate or Secret option.
Click New Client Secret.
Enter a description of the secret and an expiration date.
Copy the Value field to a text file and save it.
IMPORTANT: This is the Client Secret cannot be retrieved again after leaving the screen.
You can find the Application (Client) ID on this screen as well.
Navigate to the API Permissions on the left panel and select Add a Permission.
Select the Microsoft Graph API.
Add Email and OpenId permissions.
Navigate to Token Configuration from the left panel and click Add Optional Claim.
In the Add Optional Claim wizard, select Adding verified_primary_email is optional.
You can also update the consent page using the "Branding & Properties" tab in the left panel.
Assign users to the application. Navigate to ”Home > Manage Microsoft Entra ID > Enterprise Applications” and select your application. Go to "Assign Users and Groups" and assign users as shown below to the application.
Use the instructions in this section to configure the organizational Microsoft SSO.
1. Update the "Client ID" (Application (client) ID) and "Client Secret" with values you got from the Azure AD application created in Prerequisites.
Test logging in to the application:
Provide a non-admin user account at the identifier-first page.
Login with Azure AD and provide consent.
Update the homepage URL in Branding & Properties as follows:
https://auth.<domain-branding>/sso?issuer=<registration-id>&target_link_uri=<webapp-url>.
domain-branding can be eagleeyenetworks.com, mobotixcloud.com, etc.
registration-id is your account id. This is found at the end of redirectUri.
Then navigate to the Enterprise application tab as previously done and select your application
Click Manage.
Select Properties.
Update Visible to users to Yes.
Go to https://myapplications.microsoft.com?tenantId=<tenant-id>.
Log in with a user from your EEN account.
Click Your Application.
You should be redirected to your application for sign-in.
Select Add new users if they do not already exist.
Click Save Changes.
Test logging in to the application:
Go to https://myapplications.microsoft.com?tenantId=<tenant-id>.
Log in with a user that does not have an EEN account.
Click Application.
You should be redirected to the application and auto-provisioned.
For support please email: support@een.com
or give us a call at: 512-473-0501
US: +1-512-473-0501
EU: 31 (0) 20 26 10 461
ASIA PACIFIC: +81-(3)-6869-5477
#1 In Cloud Media Video Surveillance Worldwide
Copyright Eagle Eye Networks. All rights reserved.