Setting up the Azure AD integration for Single Sign On (SSO)
This guide shows you how to set up an integration with your existing Azure AD so that users in your organisation can log in to Flood using their Azure AD accounts.
This guide covers 3 sections:
How to set up an app on Azure AD and grant permissions for that app to read directory data.
How to set up a connection on Flood.
How to log in to Flood using your Azure AD account.
We also have a guide for syncing users from AD groups to specific Flood teams, which is available upon request from Flood Support. Please raise a ticket and we'll be able to provide further information.
Set up an application on Azure AD
Flood needs to be connected to your Azure AD. However, we cannot connect directly to Azure itself, only via an application registered on Azure AD. This application will be the one to read user profiles (generally just the user's details + associated AD groups).
STEP 1 - Navigate to your Azure Active Directory, then click on App registrations on the left menu.
STEP 2 - Click on New registration.
STEP 3 - Enter an application name (you can name it what you want) and the Redirect URI. Please enter the Redirect URI as https://id.flood.io/login/callback, otherwise the connection will not work.
STEP 4 - Now that you have successfully created your new Azure application, you will see the Application (client) ID. Copy this ID and store it somewhere, because we will need to use it later.
STEP 5 - Click on API permissions in the left hand side menu.
STEP 6 - OPTIONAL - If you want to use Microsoft Identity Platform API (which is recommended), you can skip this step.
Click on Add a permission.
On the side menu bar, scroll down and you will see Azure Active Directory Graph. Click on this option.
Click on Application permissions.
Scroll down, click on Directory to expand it. Select Directory.Read.All, then click on Add permissions.
STEP 6 - On the page that lists out permissions, click on 'Grant Admin consent for...' It will open a sign-in page. The Admin of Azure AD needs to log in and click Accept.
STEP 7 - Navigate to your newly created application's overview, then click on 'Certificates & secrets' on the left hand side menu.
STEP 8 - Click on the New client secret button.
STEP 9 - Type in a suitable description for this client secret, then select Never for the Expiration time.
STEP 10 - You will now see the newly generated secret key. Please copy and store this value for later use.
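The following is an added example, not part of the original guide or Flood's own tooling: a small Python check that audits the finished app registration against the settings chosen in the steps above (exact Redirect URI, number of application permissions, client secret lifetime). It assumes the registration has been exported as a Microsoft Graph application object (for example the JSON printed by `az ad app show`); the function name, finding codes, sample values and the two-year rotation window are all assumptions of this example.

```python
import json
from datetime import datetime, timedelta, timezone

EXPECTED_REDIRECT = "https://id.flood.io/login/callback"  # value from STEP 3
MAX_SECRET_AGE = timedelta(days=730)  # assumed rotation window, not from the guide

# Constructed sample shaped like a Microsoft Graph application object
# (e.g. the JSON printed by `az ad app show`); every value is made up.
SAMPLE_APP = json.loads("""
{
  "web": {"redirectUris": ["https://id.flood.io/login/callback/"]},
  "requiredResourceAccess": [{
    "resourceAppId": "11111111-1111-1111-1111-111111111111",
    "resourceAccess": [
      {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"},
      {"id": "33333333-3333-3333-3333-333333333333", "type": "Role"}]}],
  "passwordCredentials": [
    {"displayName": "flood-sso", "endDateTime": "2299-12-31T00:00:00Z"}]
}
""")


def audit_app(app, now=None):
    """Return a list of finding codes for one app registration."""
    now = now or datetime.now(timezone.utc)
    findings = []
    uris = (app.get("web") or {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:  # exact match: a trailing slash differs
        findings.append("redirect-uri-missing")
    if any(u != EXPECTED_REDIRECT for u in uris):
        findings.append("redirect-uri-unexpected")
    # "Role" marks an application permission; the guide grants at most one.
    roles = [a for r in app.get("requiredResourceAccess", [])
             for a in r.get("resourceAccess", []) if a.get("type") == "Role"]
    if len(roles) > 1:
        findings.append("extra-application-permissions")
    for cred in app.get("passwordCredentials", []):
        # Keep only whole seconds so fractional timestamps also parse.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            findings.append("secret-expired")
        elif end - now > MAX_SECRET_AGE:
            findings.append("secret-long-lived")
    return findings


if __name__ == "__main__":
    print(audit_app(SAMPLE_APP))
```

A secret created with the Never option from STEP 9 is reported as secret-long-lived, which serves as a reminder to schedule manual rotation.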