How to Configure Azure as an Identity Provider (IDP) using OAuth2

Manage User Access to eCourtDate With Your Azure Active Directory.

Last updated 10 months ago

To use this article: sign in to eCourtDate here.

Identity Profiles (IDPs) allow you to configure OAuth 2.0-based authentication and authorization flows for your users.

We recommend creating at least three separate IDP profiles:

  • Console IDP - for IT and technical users

  • Staging IDP - for business and testing users

  • Production IDP - for all users

Steps:

1) Create an IDP in the Console IDPs page: https://console.ecourtdate.com/idps

  • Click on Add IDP and choose the desired region (we recommend using 2 separate IDPs for staging and production).

  • Choose a unique sign-in URL.

2) Once created, you'll get the sign-in, redirect, and logout links needed for the Azure configuration.

3) Go to your Azure Active Directory tenant and create a new App Registration.

4) In the Authentication tab:

  • Add a platform configuration, choose Web, then add the Redirect URL from the Console as the Redirect URL value.

5) In the same Authentication tab: use the Console Logout URL as the Front-channel logout URL and enable Access tokens.

6) In the Certificates & secrets tab: create a Client Secret and use its value as the Client Secret in the Console IDP. Do the same for the Client ID, which is the Application (client) ID value shown on the Overview tab.

7) In the Overview tab: use the values shown under the Endpoints button (such as the Token URL) to configure the corresponding endpoint settings in the Console IDP.

8) In the Console IDP, choose the Default Agency as well as any other Enabled Agencies that the IDP should grant users access to.

9) (optional) To use your Azure group memberships to assign eCourtDate roles, add the GroupMember.Read.All permission to the App Registration.

10) (if Step 9 is completed) In Token Configuration, click on Add groups claim, choose the Group types and ID, then click on Add.

If you wish to use Azure Groups to assign eCourtDate User Roles, enable the Emit groups as role claims option.

If you wish to use Azure Groups to assign eCourtDate Agencies instead, enable the Directory Roles option to pass the user's roles.

To assign agencies, the group name must match the following format (case-insensitive): {AgencyReference}_ECOURTDATE.

For example, if your agency reference is municipal-court-123, the Azure group name should be municipal-court-123_ECOURTDATE.

Prerequisite: the agency must be included in the IDP's Enabled Agencies setting before it can be used for Group -> Agency assignment.

Note: any role name that is a case-insensitive match for SECURITY, ADMIN, or ROOT is assigned Super Admin in addition to any other roles. Because the match is on the role name alone, review which Azure groups will be emitted under those names before enabling the groups claim. You may need to enable Security groups in the Group types setting above.
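As an added example (not eCourtDate's code), the following Python sketch applies the mapping rules above to a constructed set of role claims: agency groups of the form {AgencyReference}_ECOURTDATE are kept only when the reference is in Enabled Agencies, and any remaining name matching SECURITY, ADMIN or ROOT flags Super Admin. The claim name `roles`, the sample values, and the assumption that an agency group is not also treated as a role are mine, not documented by this page.

```python
import re

# Constructed sample of the role-claim names an Azure AD token might carry
# after "Emit groups as role claims" is enabled. The claim name "roles" and
# the values are assumptions for this example, not eCourtDate's format.
SAMPLE_CLAIMS = {
    "preferred_username": "clerk@example.org",
    "roles": [
        "Municipal-Court-123_ecourtdate",  # enabled agency, mixed case
        "Traffic-Court-7_ECOURTDATE",      # agency NOT in Enabled Agencies
        "Security",                        # matches SECURITY -> Super Admin
        "Clerk",                           # ordinary role name
    ],
}

# Agencies allowed by the IDP's Enabled Agencies setting (constructed).
ENABLED_AGENCIES = {"municipal-court-123", "family-court-9"}

# Role names the article says grant Super Admin (case-insensitive match).
SUPER_ADMIN_ROLES = {"SECURITY", "ADMIN", "ROOT"}

# {AgencyReference}_ECOURTDATE, matched case-insensitively.
AGENCY_GROUP = re.compile(r"^(?P<ref>.+)_ECOURTDATE$", re.IGNORECASE)


def map_claims(claims, enabled_agencies):
    """Return (agencies, roles, super_admin) derived from the role claims.

    Assumption: a name that matches the agency pattern is consumed as an
    agency assignment and is not also treated as a role.
    """
    enabled = {a.lower() for a in enabled_agencies}
    agencies, roles = set(), set()
    super_admin = False
    for name in claims.get("roles", []):
        match = AGENCY_GROUP.match(name)
        if match:
            ref = match.group("ref").lower()
            if ref in enabled:  # prerequisite: the agency must be enabled
                agencies.add(ref)
            continue
        roles.add(name)
        if name.upper() in SUPER_ADMIN_ROLES:
            super_admin = True
    return sorted(agencies), sorted(roles), super_admin


if __name__ == "__main__":
    print(map_claims(SAMPLE_CLAIMS, ENABLED_AGENCIES))
```

The non-enabled Traffic-Court-7 group is silently dropped, which is the behaviour the prerequisite above describes; a production implementation would log such drops so misconfigured group names are visible to administrators.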

Once completed, Azure AD users can log in automatically to their assigned agencies using the Sign-in URL.

While signing in, the user's access is regenerated based on the latest identity and permissions returned by Azure Active Directory.
