Using Azure Active Directory as Identity Provider

---

Configuring Azure Active Directory

Hint - example configuration

The following configuration is an example of SealCC and DPF Tracker.

1. Logon to the Azure portal and open Azure Active Directory.

2. In App registrations, select New registration to create a new app.

   

3. Select a display name for the app and register it.

4. In Authentication, select Add a platform and add a Web platform.

   

5. Add the redirect URIs with complete path and query parameters, e. g.

   • for SEALCC:

     https://127.0.0.1:9126/cgi-bin/sealcc/sealcc?function=oauthLogin&package=sealcc%3A%3Aplugins%3A%3Alogin&lastfunction=oauthlogin
     

   • for DPF Tracker:

     https://127.0.0.1:9126/cgi-bin/dpftracker?login=1
     

6. In Certificates & secrets, create a new client secret.

   

7. In Token configuration, add the groups claim to the ID token.

   

8. In API Permission, add the openid permission.

   

9. In expose an API, add a scope.

   

10. In Manifest, check the value of accessTokenAcceptedVersion. It has to be 2.

    

11. In Overview, find a list of all necessary endpoint URIs.

    

12. Configure your SEAL Systems applications with the corresponding endpoints and created scope.

    • in the given example:

      api://ff5e9507-350d-41df-afd2-7d2a561a9060/sealcc

Hint - repeat for each client

You have to repeat this for each required client:

• easyPRIMA
• PLOSSYS Administrator
• PLOSSYS CLI
• PLOSSYS Infoclient
• SEAL DocPrint
• SEAL Print Client/SEAL Operator
• SEAL OP-CLI

---