1) Create an IDP in the Console IDPs page:

  • Click Add IDP and choose the desired region (we recommend two separate IDPs, one for staging and one for production, so that a staging client secret never grants access to production)

  • Choose a unique sign-in URL.

2) Once created, the IDP shows the Sign-in URL, Redirect URL and Logout URL that you will need for the Azure configuration.

3) Go to your Azure Active Directory (now Microsoft Entra ID) tenant and create a new App Registration.

4) In the Authentication tab:

  • Add a platform configuration, choose Web, and enter the Redirect URL from the Console as the Redirect URI. Azure matches redirect URIs exactly, so copy the value verbatim (scheme, host, path and any trailing slash); a near-miss is rejected at sign-in.

5) In the same Authentication tab: use the Console Logout URL as the Front-channel logout URL and, under Implicit grant and hybrid flows, enable Access tokens.

6) In the Certificates & secrets tab: create a Client Secret and copy its Value (it is shown only once, at creation) into the Client Secret field of the Console IDP. Do the same for the Client ID, which is the Application (client) ID shown on the Overview tab. Client secrets have a fixed expiry chosen at creation: record the date and rotate the secret before it lapses, otherwise sign-in fails for every user of that IDP.

7) In the Overview tab: click Endpoints and use the tenant-specific values shown there to configure the following settings in the Console IDP:

8) In the Console IDP, choose the Default Agency as well as any other Enabled Agencies that the IDP should grant users access to.

Once configured, Azure AD users should be able to log in automatically to their assigned agencies via the Sign-in URL.
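Most failures with this procedure come from the two sides disagreeing on a value: a redirect URI that differs by a trailing slash, a v1 endpoint pasted where a v2 one belongs, or a client secret that has quietly expired. The script below is an added example (not the Console product's or Microsoft's code) that checks the values entered in the Console IDP against the Azure App Registration and the tenant's OpenID Connect metadata document, offline. The Console field names, the tenant and client IDs, and the URLs are constructed assumptions; the metadata excerpt mirrors the shape of the real document that the Overview tab's Endpoints panel links to.

```python
"""Consistency check for an Azure AD <-> Console OIDC IDP configuration (added example)."""
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"      # constructed, not a real tenant
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # constructed Application (client) ID
AUTHORITY = f"https://login.microsoftonline.com/{SAMPLE_TENANT}"

# Constructed excerpt of the tenant's OpenID Connect metadata document
# (real one: {AUTHORITY}/v2.0/.well-known/openid-configuration).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": f"{AUTHORITY}/v2.0",
    "authorization_endpoint": f"{AUTHORITY}/oauth2/v2.0/authorize",
    "token_endpoint": f"{AUTHORITY}/oauth2/v2.0/token",
    "end_session_endpoint": f"{AUTHORITY}/oauth2/v2.0/logout",
    "jwks_uri": f"{AUTHORITY}/discovery/v2.0/keys",
})

# Constructed Console IDP settings; the field names are assumptions.
SAMPLE_CONSOLE_IDP = {
    "client_id": SAMPLE_CLIENT_ID,
    "issuer": f"{AUTHORITY}/v2.0",
    "authorization_endpoint": f"{AUTHORITY}/oauth2/v2.0/authorize",
    "token_endpoint": f"{AUTHORITY}/oauth2/v2.0/token",
    "jwks_uri": f"{AUTHORITY}/discovery/v2.0/keys",
    "redirect_url": "https://console.example.com/idp/contoso/callback",
    "logout_url": "https://console.example.com/idp/contoso/logout",
}

# Constructed view of the Azure App Registration as shown in the portal.
SAMPLE_AZURE_APP = {
    "application_client_id": SAMPLE_CLIENT_ID,
    "directory_tenant_id": SAMPLE_TENANT,
    "web_redirect_uris": ["https://console.example.com/idp/contoso/callback"],
    "front_channel_logout_url": "https://console.example.com/idp/contoso/logout",
    "secret_expires": "2099-01-01T00:00:00+00:00",   # ISO 8601, as recorded at creation
}


def check_idp_config(console_idp, azure_app, discovery_json, now=None, warn_days=30):
    """Return a list of problems; an empty list means both sides agree."""
    now = now or datetime.now(timezone.utc)
    disc = json.loads(discovery_json)
    problems = []

    if console_idp["client_id"] != azure_app["application_client_id"]:
        problems.append("client_id does not match the Application (client) ID")

    # Endpoints typed into the Console must match the metadata document byte for byte;
    # a v1/v2 mix-up or a truncated paste shows up here.
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if console_idp.get(key) != disc.get(key):
            problems.append(f"{key}: Console has {console_idp.get(key)!r}, metadata says {disc.get(key)!r}")

    # Tenant pinning: the issuer must be this tenant's, not the multi-tenant /common authority.
    if azure_app["directory_tenant_id"] not in disc["issuer"]:
        problems.append("issuer is not specific to the Directory (tenant) ID")

    # Azure compares redirect URIs exactly (scheme, host, path, trailing slash).
    redirect = console_idp["redirect_url"]
    if urlsplit(redirect).scheme != "https":
        problems.append("redirect_url must use https")
    if redirect not in azure_app["web_redirect_uris"]:
        near = [u for u in azure_app["web_redirect_uris"]
                if u.rstrip("/").lower() == redirect.rstrip("/").lower()]
        problems.append(f"redirect_url {redirect!r} is not registered exactly in Azure (near matches: {near})")

    if console_idp["logout_url"] != azure_app.get("front_channel_logout_url"):
        problems.append("logout_url differs from the Front-channel logout URL in Azure")

    # Secrets expire; warn well before sign-in starts failing for everyone on this IDP.
    expires = datetime.fromisoformat(azure_app["secret_expires"])
    if expires <= now:
        problems.append("client secret has expired")
    elif expires - now < timedelta(days=warn_days):
        problems.append(f"client secret expires in {(expires - now).days} days")
    return problems


if __name__ == "__main__":
    found = check_idp_config(SAMPLE_CONSOLE_IDP, SAMPLE_AZURE_APP, SAMPLE_DISCOVERY)
    for line in found or ["OK: Console IDP and Azure App Registration agree"]:
        print(line)
```

Run it once per IDP (staging and production separately) after completing the steps above, and again whenever a client secret is rotated; the redirect-URI near-match output is the quickest way to spot the trailing-slash and case differences that Azure silently treats as a different URI.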

