App Registration
This document describes how to set up Single Sign-On (SSO) for Orkestra on systems that use Azure for identity and access management.
Azure AD setup
To enable SSO, you must first complete the setup in Microsoft Azure AD (AAD).
Register the App
1. In the Microsoft Azure portal, navigate to the "Azure Active Directory" service.
2. Select "App registrations".
3. Select "New Registration".
4. Enter the following details:
   Display name: Orkestra
   Redirect URI type: Public client/native (mobile & desktop)
   Redirect URI: https://login.microsoftonline.com/common/oauth2/nativeclient
   Click the Register button.
5. Create a new client secret.
6. Go to API Permissions => Add a permission.
6.1 Select Microsoft Graph => Application permissions.
6.2 - Option 1: Add the below Application permissions, then click "Grant admin consent for Orkestra" (if your organization policy allows it. If not, please go to 6.2 - Option 2):
Application authorization will allow a better experience in content access management.
6.2 - Option 2: Add the below Delegated permissions, then click "Grant admin consent for Orkestra" (if your organization policy doesn't allow Application authorization. If it does, please go to 6.2 - Option 1):
Orkestra Admin setup
Open Orkestra with an admin account and go to the SSO console.
Enter the following details:
1. Organization Name: Your organization name (e.g. Orkestra)
2. Tenant id: Go to your app registration overview => Directory (tenant) ID
3. Client id: Go to your app registration overview => Application (client) ID
4. Enterprise App Object Id: Go to Enterprise applications => orkestra => Overview => Object ID
5. App Secret: Paste the app secret you created previously
6. Admin Id: automatically filled
7. Add all domains you want to authorize (e.g. orkestra.online)
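
The values above come from three different Azure portal screens and are easy to mix up. The following pre-flight check is an added example, not part of Orkestra or its documentation: it flags a Secret ID pasted in place of the secret value, an Application (client) ID reused as the Enterprise App Object Id, and domain entries that are not bare domain names. The dictionary keys are hypothetical names for the console fields, and all sample values are constructed.

```python
import re
import uuid

# Keys are hypothetical names for the SSO console fields; all values are constructed.
GUID_FIELDS = ("tenant_id", "client_id", "enterprise_app_object_id")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def is_guid(value):
    """True only for the canonical 8-4-4-4-12 form the Azure portal displays."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False

def check_sso_settings(cfg):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = []
    for field in GUID_FIELDS:
        if not is_guid(cfg.get(field, "")):
            problems.append(f"{field}: expected a GUID copied from the Azure portal")
    if cfg.get("client_id") and cfg.get("client_id") == cfg.get("enterprise_app_object_id"):
        problems.append("enterprise_app_object_id: same as client_id; use the Object ID "
                        "from Enterprise applications, not the Application (client) ID")
    secret = cfg.get("app_secret", "")
    if not secret or secret != secret.strip():
        problems.append("app_secret: empty or has surrounding whitespace")
    elif is_guid(secret):
        problems.append("app_secret: looks like the Secret ID; paste the secret Value")
    domains = cfg.get("domains", [])
    if not domains:
        problems.append("domains: add at least one authorized domain")
    for domain in domains:
        if not DOMAIN_RE.match(domain):
            problems.append(f"domains: {domain!r} is not a bare lowercase domain name")
    return problems

SAMPLE_GOOD = {
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "66666666-7777-8888-9999-000000000000",
    "enterprise_app_object_id": "abcdef01-2345-6789-abcd-ef0123456789",
    "app_secret": "constructed-Secret~Value_0123456789.abcdEFGH",
    "domains": ["orkestra.online"],
}
SAMPLE_BAD = dict(SAMPLE_GOOD, enterprise_app_object_id=SAMPLE_GOOD["client_id"],
                  app_secret="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                  domains=["https://orkestra.online"])

if __name__ == "__main__":
    for name, cfg in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_sso_settings(cfg) or "OK")
```

The check runs offline and never contacts Azure, so it only catches values that are malformed or swapped, not ones that are well-formed but belong to another tenant or app.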