Active Directory - Azure AD - Setup

How to connect Azure AD OpenID and seventhings



Let's start in the seventhings software:
  1. Log into your seventhings instance with your instance admin.
  2. Navigate to the system settings.
  3. Under the "Azure Ad Link" section, select Configuration.


  4. Here you will find all the information you need to connect. We will return to this dialog later.


Now switch to the Azure AD Admin Portal:
 
  1. Add a new application in the App Registrations section.

  2. Choose an arbitrary, preferably unique name


    Note: The redirect URI is set in the next step.

  3. Now we add two platform redirect URIs.
    To connect to Azure AD from both the software (web app) and the mobile apps, we need two redirect URIs.

    Please select "Web" (web application) as the platform.

  4. You will find the redirect URI in the opened dialog of the seventhings software.
    1. Please copy the Mobile Redirect URI from seventhings to Azure AD and select ID Token.


      You can find the Mobile Redirect URI in the opened dialog of the seventhings software.

    2. Next, the Web Redirect URI needs to be configured. To do this, simply add this URL via "Add URL".

      You can also find the Web Redirect URI in the seventhings dialog.
  5. A new secret key has to be created in Azure AD for the connection. To create a secret, go to Certificates and Secrets --> New private client key in the application.
    1. Create the key with a unique description and expiration date that fit your corporate compliance requirements.


    2. Copy the value of the secret key from Azure AD


      Add the value to the Client Secret field in seventhings.


  6. Now we switch to the application overview in Azure AD and copy the two values, Client ID and Tenant ID, into the corresponding seventhings settings.

  7. As soon as you save and close the form in seventhings, the connection between Azure AD and seventhings is active.

  8. In Azure AD, API permissions must now be added to the application, and consent for them must be granted by an administrator.

    The permissions must be set as follows:

    Permission name   Type        Admin consent required
    openid            delegated   YES
    User.Read         delegated   YES



  9. Depending on the settings in the application, groups or users must now be authorized / added for the application. 
  10. You can read how the login works after successful configuration here: https://support.seventhings.com/en/active-directory-azure-ad
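
To check a finished registration against the steps above, the following added example (not part of the seventhings guide or product) audits an app registration exported as a Microsoft Graph application object in JSON, for example the output of `az ad app show --id <client-id>`. The redirect URIs, the sample data and the 365-day secret lifetime limit are assumptions; the two permission IDs are the Microsoft Graph IDs for openid and User.Read.

```python
import json
from datetime import datetime, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph appId
ALLOWED = {"37f7f235-527c-4136-accd-4a02d197296e": "openid",     # delegated scope
           "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read"}  # delegated scope

def audit_registration(app, expected_uris, now, max_secret_days=365):
    """Return findings for a Graph 'application' object (parsed JSON dict)."""
    findings = []
    web = app.get("web", {})
    uris, expected = set(web.get("redirectUris", [])), set(expected_uris)
    findings += [f"missing redirect URI: {u}" for u in sorted(expected - uris)]
    findings += [f"unexpected redirect URI: {u}" for u in sorted(uris - expected)]
    if not web.get("implicitGrantSettings", {}).get("enableIdTokenIssuance"):
        findings.append("ID token issuance is not enabled")
    for cred in app.get("passwordCredentials", []):
        # Graph timestamps are UTC; drop fractional seconds before parsing.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if not 0 <= days <= max_secret_days:
            findings.append(f"secret {cred.get('displayName')!r}: {days} days left, "
                            f"allowed 0..{max_secret_days}")
    granted = set()
    for res in app.get("requiredResourceAccess", []):
        for acc in res.get("resourceAccess", []):
            if (res.get("resourceAppId") == GRAPH and acc.get("type") == "Scope"
                    and acc.get("id") in ALLOWED):
                granted.add(ALLOWED[acc["id"]])
            else:
                findings.append(f"permission beyond step 8: {acc.get('id')} ({acc.get('type')})")
    findings += [f"missing permission: {p}" for p in sorted(set(ALLOWED.values()) - granted)]
    return findings

# Constructed sample: placeholder URIs and a made-up extra permission id.
SAMPLE = json.loads("""{
  "web": {"redirectUris": ["https://app.example.invalid/web",
                           "https://old.example.invalid/callback"],
          "implicitGrantSettings": {"enableIdTokenIssuance": true}},
  "passwordCredentials": [{"displayName": "seventhings",
                           "endDateTime": "2025-03-22T12:00:00Z"}],
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "37f7f235-527c-4136-accd-4a02d197296e", "type": "Scope"},
                       {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
                       {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}]
}""")
EXPECTED_URIS = ["https://app.example.invalid/web", "https://app.example.invalid/mobile"]
NOW = datetime(2023, 3, 22, 12, 0, tzinfo=timezone.utc)
if __name__ == "__main__":
    print("\n".join(audit_registration(SAMPLE, EXPECTED_URIS, NOW)))
```

Pass the two redirect URIs shown in your own seventhings dialog as `expected_uris`, and set `max_secret_days` to the lifetime your compliance requirements allow.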