This guide outlines the steps to integrate Microsoft Azure Active Directory (Azure AD) with Myota bucketZero (bZw) for secure authentication and identity management.
Introduction
Microsoft Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory and identity management service. This document describes how to configure Azure AD as the identity provider (IdP) for bZw Single Sign-On using OpenID Connect (OIDC).
Setup and Configuration
The following sections provide configuration examples using Microsoft Azure Active Directory (Azure AD) as the external Identity Provider.
Configure Microsoft Azure AD
Follow these steps to configure Microsoft Azure AD for use with OpenID Connect (OIDC):
1. Log in to the Azure portal.
2. Go to Manage Azure Active Directory.
3. Go to Properties > Tenant ID and note your Tenant ID for later use.
4. Go to App registrations > New registration.
5. Provide all required information.
6. Go to Authentication > Add a platform and select Web in Configure Platforms.
7. Go to Authentication > Configure Web > Redirect URI and set up your Redirect URI.
   The redirect URI should be in the form https://companyname.bucketzero.cloud/index.php/apps/openidconnect/redirect. Azure AD matches redirect URIs exactly, so use HTTPS and the exact host and path of your bZw instance, with no trailing slash, query string or fragment.
8. Go to Certificates & secrets > Add a client secret and set up the client secret for your app.
   Record the client secret value at the time of its creation, as it is displayed only once. Keep it in a secret store rather than in chat or email, and note its expiry date: Azure AD client secrets always expire and must be rotated before they do.
9. Go to Token configuration > Add optional claim and set up the claims.
10. Go to API permissions > Configured permissions > Add a permission and add delegated permissions.
11. On the same page, select Grant admin consent for all configured permissions.
12. Go to Expose an API > Set the App ID URI and set the Application ID URI.
13. On the same page:
    - Add a scope > Scope name: give the scope a meaningful name, such as "company.bucketzero.cloud".
    - Add a scope > Who can consent: allow Admins and users to consent. The full API scope name (the Application ID URI followed by the scope name) is shown below the scope name you entered; this is the value to supply as OIDC_API_SCOPE_ID below.
14. Retrieve the Application (client) ID after completing the Microsoft Azure setup.
15. You can find an overview of most settings, including the Application (client) ID, by clicking Overview.
With this configuration in place, bZw delegates authentication to Azure AD. Users sign in once with their Azure AD credentials (Single Sign-On) instead of maintaining a separate bZw password, and user accounts and sign-in policy are managed centrally in your tenant.
The following information must be provided to Myota Support to complete the configuration of SSO for bZw:
- OIDC_PROVIDER_URL, the OpenID Connect issuer endpoint. For Azure AD this is https://login.microsoftonline.com/<Tenant ID>/v2.0, using the Tenant ID noted in step 3; the provider's discovery document is served at that URL followed by /.well-known/openid-configuration.
- OIDC_CLIENT_ID, the Application (client) ID from step 14, which uniquely identifies your app registration to the Azure AD tenant.
- OIDC_CLIENT_SECRET, the client secret that authenticates the application to Azure AD.
Please note that this refers to the Client Secret value obtained in step 8. It is a credential: share it with Myota Support over an agreed secure channel, not in plain email.
- OIDC_API_SCOPE_ID, the full API scope name from step 13 (Application ID URI plus scope name), which defines the permissions your application requests from the user.
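The script below is an added example (not Myota's or Microsoft's code) that sanity-checks a settings bundle like the one above before it is handed to Support, and then builds the authorization request that an OIDC client would send the browser to, so you can see where each value ends up. It assumes the standard Azure AD v2.0 endpoint forms (issuer at login.microsoftonline.com/<tenant-id>/v2.0, authorize at .../oauth2/v2.0/authorize); the REDIRECT_URI key, the bucketzero.access scope name and every GUID and secret in SAMPLE_SETTINGS are constructed placeholders.

```python
import base64
import hashlib
import re
from urllib.parse import urlencode, urlparse

AZURE_HOST = "login.microsoftonline.com"
REDIRECT_PATH = "/index.php/apps/openidconnect/redirect"
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE
)

# Constructed sample bundle: every value is a placeholder, not a real tenant or secret.
# REDIRECT_URI is included so it can be checked alongside the values sent to Support.
SAMPLE_SETTINGS = {
    "OIDC_PROVIDER_URL": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    "OIDC_CLIENT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "OIDC_CLIENT_SECRET": "example-secret-value",
    "OIDC_API_SCOPE_ID": "api://company.bucketzero.cloud/bucketzero.access",
    "REDIRECT_URI": "https://company.bucketzero.cloud/index.php/apps/openidconnect/redirect",
}


def provider_url(tenant_id: str) -> str:
    """Azure AD v2.0 issuer for one tenant (standard Microsoft endpoint form).
    Discovery metadata is served at <issuer>/.well-known/openid-configuration."""
    if not GUID_RE.match(tenant_id):
        raise ValueError("use the Tenant ID GUID from Properties, not 'common'")
    return f"https://{AZURE_HOST}/{tenant_id}/v2.0"


def check_settings(cfg: dict) -> list:
    """Return the problems found in a settings bundle; an empty list means it is ready."""
    problems = []

    issuer = urlparse(cfg.get("OIDC_PROVIDER_URL", ""))
    segments = issuer.path.strip("/").split("/")
    if issuer.scheme != "https" or issuer.netloc != AZURE_HOST:
        problems.append("OIDC_PROVIDER_URL must be https://login.microsoftonline.com/<tenant-id>/v2.0")
    elif not GUID_RE.match(segments[0]):
        # 'common' or 'organizations' here would accept sign-ins from any Azure AD tenant.
        problems.append("OIDC_PROVIDER_URL must name your Tenant ID, not a multi-tenant alias")
    elif segments[-1] != "v2.0":
        problems.append("OIDC_PROVIDER_URL should be the v2.0 issuer (.../<tenant-id>/v2.0)")

    if not GUID_RE.match(cfg.get("OIDC_CLIENT_ID", "")):
        problems.append("OIDC_CLIENT_ID is not an Application (client) ID GUID")

    secret = cfg.get("OIDC_CLIENT_SECRET", "")
    if not secret or secret.startswith("<") or secret.lower() in {"changeme", "secret"}:
        problems.append("OIDC_CLIENT_SECRET is missing or still a placeholder")

    # Full scope name as shown under 'Expose an API': <Application ID URI>/<scope name>.
    if not re.match(r"^(api|https)://[^/\s]+/\S+$", cfg.get("OIDC_API_SCOPE_ID", "")):
        problems.append("OIDC_API_SCOPE_ID must be the full scope name, e.g. api://<app-id-uri>/<scope>")

    # Azure AD compares redirect URIs exactly: HTTPS, exact path, no query or fragment.
    redirect = urlparse(cfg.get("REDIRECT_URI", ""))
    if (redirect.scheme != "https" or redirect.path != REDIRECT_PATH
            or redirect.query or redirect.fragment):
        problems.append(f"REDIRECT_URI must be https://<bZw host>{REDIRECT_PATH}, exactly")
    return problems


def pkce_challenge(code_verifier: str) -> str:
    """S256 code challenge: BASE64URL(SHA-256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(cfg: dict, state: str, nonce: str, code_verifier: str) -> str:
    """Authorization-code request the browser is sent to; shows where each setting lands.
    state binds the response to the browser session, nonce binds the ID token to it, and
    PKCE binds the authorization code to this client. Standard Azure AD v2.0 authorize URL."""
    tenant = cfg["OIDC_PROVIDER_URL"].rstrip("/").split("/")[-2]
    params = {
        "client_id": cfg["OIDC_CLIENT_ID"],
        "response_type": "code",
        "response_mode": "query",
        "redirect_uri": cfg["REDIRECT_URI"],
        "scope": "openid profile email " + cfg["OIDC_API_SCOPE_ID"],
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(code_verifier),
        "code_challenge_method": "S256",
    }
    return f"https://{AZURE_HOST}/{tenant}/oauth2/v2.0/authorize?" + urlencode(params)


if __name__ == "__main__":
    print(check_settings(SAMPLE_SETTINGS) or "settings bundle OK")
    print(build_authorize_url(SAMPLE_SETTINGS, "demo-state", "demo-nonce",
                              "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"))
```

The check that matters most for security is the tenant segment of OIDC_PROVIDER_URL: pointing a client at the common or organizations endpoint instead of your own Tenant ID means tokens issued by any Azure AD tenant would carry a valid issuer, so keep the GUID from step 3 there.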