With Azure AD (Authentication Only)

To proceed you will need to have access to both Interact's Application Settings and the Azure Active Directory portal simultaneously.

First, we will register your Interact instance as an application within Azure.

Configure Azure

1. Register a new app

From within your Azure Portal: Select Azure Active Directory from the left-hand menu. Next select App registration and New registration from the subsequent sub-menus.

From here you will be presented with a form titled Register an application.

Give the application registration a name, set the supported account type to organizational directory only and fill out the Redirect URI: https://{Your-Intranet-Domain}/Interact/Login/default.aspx

Click Register to continue.

2. Add permissions

Next, select API permissions from the side menu and then Add permission

You will be presented with a Request API permissions pane. From the Microsoft APIs tab scroll down to and select Azure Active Directory Graph, under the Supported legacy APIs section.

Select Delegate permissions. From the exposed options expand Directory and select Directory.Read.All also expand User and select User.Read

Next, select Application permissions. Expand Directory and select Directory.Read.All

At the bottom of the window click Add permission to close.

3. Grant Permissions

You will now be presented with a list of your selected permissions. Click the Grant admin consent button to apply these options.

Click Yes to confirm

4. Obtain EntityID

Next, log into your Interact intranet and navigate to Application Settings > Control Panel > Manage Security > Manage SAML Authentication.

If your domain isn’t currently setup click Setup Domain, otherwise skip 2 steps.

On the next page click Save

Click the Edit button for the domain you are working against.

On the next screen copy the text of the EntityId.

Switch back to your Azure Portal. From the side sub-menu click Expose an API and then, from the main pane, click Set to set the Application ID URI

Paste the EntityId, copied from your Interact settings, into the Application ID URI.

Click Save

5. Meta Data URL

Next you will need your Azure domain name to form the metadata URL. This can be found by clicking Azure Active Directory from the main side menu, then Custom domain names from the sub-menu. Your domain name will be in the pane to the right.

The Azure's metadata URL is formatted as follows:

https://login.microsoftonline.com/{your_domain_name}/federationmetadata/2007-06/federationmetadata.xml

Replace {your_domain_name} with the name of your domain obtained in the previous step.

6. Create an Idp in Interact

Switch back to your Interact Intranet and again navigate to Application Settings > Control Panel > Manage Security > Manage SAML Authentication.

Click the Indentity Providers button

On the next screen, enter the metadata URL you created in step 5 into the Metadata URL textbox, then cick Import as highlighted in the image below.

A new Indentity Provider should appear in the list below.

Click Edit for the newly created IdP

Give the Identity Provider a name and select whether or not you would like it to appear as a button on the Log-In screen for your Intranet. The name your enter here will be the name displayed on button.

Click Save

Thats it! You should now be able to sign into your intranet using your Azure AD credentails.

If you want to enable Seamless SSO (Auto log-in) for this provider. Follow the next step:

6. Auto Sign-in

From the Manage Identity Providers page. Select the option Make Default Provider, then click the Back button located above the blue New Identity Provider button.

Select the option Enable Auto Login