Configuring SSO via the Enhanced Web Interface: Microsoft Azure

2024-06-04

Version 1.0

If you don't have an account in Azure AD, you can register for a free account here: https://azure.microsoft.com/

Obtain the redirectUri for the account by adding your account ID at the end of the below redirectUri:

https://auth.eagleeyenetworks.com/login/oauth2/code/<account ID>

1. Log in to the Azure console https://portal.azure.com/#home and navigate to Manage Microsoft Entra ID (Previously known as Azure AD).

1. Select App Registrations.

2. Click Create New Registration.

3. Click Register an Application Wizard.

4. Select Register an Application.

5. Name the application.

6. Select Accounts in this organizational directory only.

• Use the redirectUri obtained above as the Redirect URI.

7. Select Application Overview.

8. Click Add a certificate or secret.

9. Click New client secret.

• Provide a description of the secret and the expiry date.

Copy the Value field to a text file as this can not be viewed later.

Also on the application overview page, you can find the Application ID.

10. Select API Permission. 

11. Click Add a permission.

12. Click Microsoft Graph.

13. Select email and openid.

14. Select Token Configuration.

15. Click Add optional claim.

16. Select Adding verified_primary_email is optional.

• You can update the consent page in Branding & Properties.

Assigning Users

Click Home.

1. Select Manage Microsoft Entra ID.

2. Click Enterprise Applications. 

3. Select Your Application. 

4. Click Assign Users and Groups.

5. Search for or add Users as needed.

The organizational Microsoft SSO should be configured as below:

Update Client ID (Application (client) ID) and “Client secret” with values you got from the Azure AD application created in the first section.

You can find the<tenant-id> on the application overview page.

SP initiated SSO flow:

Test logging in to the application:

1. Provide a non-admin user account at the identifier-first page.

2. Login with Azure AD and provide consent.

Ensure you have the same user on the Azure AD side.

Prerequisites for the IDP-initiated SSO flow,

1. Update the homepage URL in Branding & Properties as follows:

https://auth.<domain-branding>/sso?issuer=<registration-id>&target_link_uri=<webapp-url>.

• domain-branding can be eagleeyenetworks.com, mobotixcloud.com, etc.

• registration-id is your account id. This is found at the end of redirectUri.

webapp-url can be https://webapp.eagleeyenetworks.com (Based on the domain branding you can use different values for this. Make sure values are URL encoded.)

Ex: https://auth.eagleeyenetworks.com/sso?issuer=00032511&target_link_uri=https://webapp.eagleeyenetworks.com

2. Then navigate to the Enterprise application tab as previously done and select your application

3. Click Manage.

4. Select Properties. 

5. Update Visible to users to Yes.

IDP initiated SSO flow:

1. Go to https://myapplications.microsoft.com?tenantId=<tenant-id>.

2. Log in with a user from your EEN account.

3. Click Your Application.

• You should be redirected to your application for sign-in.

1. Select Add new users if they do not already exist.

2. Click Save Changes.

IDP initiated SSO with auto user provisioning flow:

Test logging in to the application:

1. Go to https://myapplications.microsoft.com?tenantId=<tenant-id>.

2. Log in with a user that does not have an EEN account.

3. Click Application.

• You should be redirected to the application and auto-provisioned.
  

For support please email: support@een.com 

or give us a call at: 512-473-0501

Eagle Eye Knowledge Base

US: +1-512-473-0501 

EU: 31 (0) 20 26 10 461

ASIA PACIFIC: +81-(3)-6869-5477

#1 In Cloud Media Video Surveillance Worldwide

Copyright Eagle Eye Networks. All rights reserved.