Microsoft Azure AD (B2E)
Learn how to integrate Strivacity Fusion with Microsoft Azure AD (B2E) so that your enterprise users can log in to Fusion-protected applications.
Fusion can use Microsoft Azure AD (B2E) as a Directory Service and an Identity Provider, enabling any user accounts within Azure to log in to any Fusion configured applications.
The integration with Azure AD uses Fusion's Enterprise Login.
There are two steps required to set up your Fusion instance to use Azure AD as an Identity Provider:

Step 1: Configuring Azure AD with a Registered Application

1) Log in to portal.azure.com
2) Select Azure Active Directory
3) Select App Registrations, as below
4) Click 'New registration' and enter the information as shown in the table below and click Register
Field Name | Value/Description
Name | Enter a user friendly display name for the application
Supported Account Types | This defines the scope of who can use the application. You will need to determine this based upon your own use case
Redirect URI | This will be the callback URI to your Strivacity Fusion instance, in the format of https://[Fusion instance URL]/login/api/v1/socialCallback
5) The details for the newly created Strivacity Fusion application will now be displayed as shown below:
6) Next, select Certificates and Secrets from the left hand menu. The Certificates and Secrets page will be displayed, as shown below:
7) Next, select '+ New client secret'
8) Upon clicking the Add button, the new client secret information will be displayed, as shown below:
9) This completes the setup and configuration of Azure AD with a registered application for Strivacity Fusion to use. You can now proceed to step 2, below.

Step 2: Configuring Fusion to use Azure AD (as an Identity Provider)

Now that Azure AD (B2E) has been configured to use Fusion as an external application, we need to set up Fusion to use Azure AD as an (external) Identity Provider.
1) Start by logging into the Admin Console using an admin account
2) From the left-hand menu, select External Login, then Enterprise Login
3) From the Social Login screen, click the + Create Enterprise Login Provider button from the top right hand corner
4) From the Create Enterprise Login Provider screen click the OIDC icon as shown below:
5) The Create OIDC Login Provider screen will now be displayed as shown below:
The table below provides guidance on how to complete and use these fields:
Field Name | Description
Name | Define a name for this Enterprise OIDC Login Provider. This name is used to refer to this provider throughout Fusion.
Login Button Text | This is the text that is displayed on the login button on the log-in screen. If no custom text is displayed here then the name will be used.
Description | Define a description to help other Fusion admins understand what this provider is used for.
Client ID | The Client ID was previously automatically generated by Azure AD during Step 5 above. Microsoft refers to this as the Application (client) ID.
Client Secret | The Client Secret was created in Step 6 above with the label Strivacity Fusion.
Auto Discovery | The Azure AD (B2E) auto-discovery URL should be entered using the following format: https://login.microsoftonline.com/[Tenant ID]/.well-known/openid-configuration The Tenant ID is available from within the Azure Portal.
Authorization Endpoint | The Authorization Endpoint will be displayed here based on auto-configuration from the auto-discovery URL.
Token Endpoint | The Token Endpoint will be displayed here based on auto-configuration from the auto-discovery URL.
Issuer | Any Issuer Information will be displayed here based on auto-configuration from the auto-discovery URL.
Userinfo Endpoint | The Userinfo Endpoint will be displayed here based on auto-configuration from the auto-discovery URL.
Scopes: OpenID | The default OpenID Connect scopes can be enabled or disabled.
Scopes: Extra | Any additional scopes can be added here.
Customer Data Handling | If you choose to synchronize and store any profile data at each login, then Fusion will retrieve and store this information, which will be visible to the customer in the My Account page and to any Fusion Admins when managing the customer identity.
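The Authorization Endpoint, Token Endpoint, Issuer and Userinfo Endpoint fields are filled in from whatever the auto-discovery URL returns, so a quick check of that document before saving catches a wrong tenant or a non-HTTPS endpoint. The following is an added example, not Strivacity or Microsoft code: the function names, the GUID-only tenant check and the sample documents are assumptions made for illustration, and the sample values are constructed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

def discovery_url(tenant_id):
    """Auto-discovery URL in the format given in the table above."""
    if not GUID.match(tenant_id):  # assumption: the tenant ID is entered as a GUID
        raise ValueError("tenant ID is not a GUID")
    return f"https://login.microsoftonline.com/{tenant_id}/.well-known/openid-configuration"

def check_discovery(doc, tenant_id):
    """Return a list of problems in a discovery document (empty list = OK)."""
    problems = []
    issuer = doc.get("issuer", "")
    if not issuer:
        problems.append("issuer missing")
    elif tenant_id.lower() not in issuer.lower():
        # The issuer is what Fusion will trust in ID tokens; it must name this tenant.
        problems.append("issuer does not name this tenant")
    for key in ENDPOINTS:
        parts = urlsplit(doc.get(key, ""))
        if not parts.netloc:
            problems.append(f"{key} missing")
        elif parts.scheme != "https":
            problems.append(f"{key} is not https")
    return problems

# Constructed sample values, not a capture of a real tenant's metadata.
TENANT = "00000000-1111-2222-3333-444444444444"
GOOD = {
    "issuer": f"https://sts.windows.net/{TENANT}/",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/token",
    "userinfo_endpoint": f"https://login.microsoftonline.com/{TENANT}/openid/userinfo",
}
# Wrong tenant in the issuer, plain-http token endpoint, no userinfo endpoint.
BAD = dict(GOOD, issuer="https://sts.windows.net/99999999-1111-2222-3333-444444444444/",
           token_endpoint=f"http://login.microsoftonline.com/{TENANT}/oauth2/token")
del BAD["userinfo_endpoint"]

if __name__ == "__main__":
    print(discovery_url(TENANT))
    print(check_discovery(GOOD, TENANT))
    print(check_discovery(BAD, TENANT))
```

To use it against a live tenant, fetch the JSON from the URL returned by discovery_url and pass the parsed dictionary to check_discovery.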
Last modified 7d ago