Preserve Documentation

Go To Preserve Cloud

Onboarding Preserve with Microsoft Azure IDP

Introduction

This document provides step-by-step instructions for setting up the Preserve application with Microsoft Azure as the Identity Provider (IDP). The following configuration steps detail how to create an app registration and obtain essential information for integration. Please follow these steps carefully to ensure a seamless setup.

Prerequisites

  • Before you begin, make sure you have the necessary access rights to Azure Portal and the required permissions to create app registrations.
  • Have the domain name handy for where Preserve will be accessible to your users from within your organization.

Step-by-Step Guide

Step 1: Access Azure Portal

  1. Go to the Azure Portal (https://portal.azure.com).

Step 2: Create an App Registration

  1. In the Azure Portal, navigate to Azure Active Directory.
  2. Under the “App registrations” section, click on “New registration.”
  3. Provide the name “Preserve” for your app registration.
  4. In the “Redirect URI” section, enter the redirect URI for Preserve. In this case, it should be the domain of where your instance of Preserve lives + /users/auth/azure_activedirectory_v2/callback. For Example, https://<PRESERVE_DOMAIN>/users/auth/azure_activedirectory_v2/callback

Step 3: Generate Client Secret

  1. After creating the app registration, go to the “Certificates & secrets” section.
  2. Under the “Client secrets” section, click on “+ New client secret.”
  3. Enter a description for the client secret (e.g., “App Secret”).
  4. Choose an expiration period or select “Never” for no expiration.
  5. Click “Add” to generate the client secret. Be sure to note down this secret securely and share it with the Preserve Software Team. Treat it as sensitive information.

Step 4: Obtain Tenant ID and Client ID

  1. In the Azure Portal, navigate to the Preserve app registration.
  2. Take note of these values under the “Overview” section to share with the Preserve Software Team:
    • Application (client) ID: This is your Client ID.
    • Directory (tenant) ID: This is your Tenant ID.

Step 5: Configure API Permissions

  1. Navigate to the “API permissions” section of the Preserve app registration.
  2. Under the “Microsoft Graph” API, configure the following permissions:
    • Directory.Read.All (Application Permission)
      • This permission requires admin consent before it is functional. Please verify that an admin has approved this permission.
    • User.Read (Delegated Permission)
    • User.ReadBasic.All (Delegated Permission)

Step 6: Configure Logout URL

  1. Navigate to the “Authentication” tab.
  2. In the “Front-channel logout URL” field enter the Preserve domain + /sign-out. For example, https://<PRESERVE_DOMAIN>/sign-out

Step 7: Share the Configuration

  1. Share the following information with your contact on the Preserve Software Team:
  • Redirect URI
  • Client Secret (Treat this as sensitive information)
  • Tenant ID
  • Client ID

With these details, the Preserve Software Team will able to complete the integration with Microsoft Azure for Preserve.