With Azure AD (Authentication Only)
To proceed you will need to have access to both Interact's Application Settings and the Azure Active Directory portal simultaneously.
First, we will register your Interact instance as an application within Azure.
Configure Azure
1. Register a new app
From within your Azure Portal: Select Azure Active Directory from the left-hand menu. Next select App registration and New registration from the subsequent sub-menus.
From here you will be presented with a form titled Register an application.
Give the application registration a name, set the supported account type to organizational directory only and fill out the Redirect URI: https://{Your-Intranet-Domain}/Interact/Login/default.aspx
Click Register to continue.
2. Add permissions
Next, select API permissions from the side menu and then Add permission
You will be presented with a Request API permissions pane. From the Microsoft APIs tab scroll down to and select Azure Active Directory Graph, under the Supported legacy APIs section.
Select Delegate permissions. From the exposed options expand Directory and select Directory.Read.All also expand User and select User.Read
Next, select Application permissions. Expand Directory and select Directory.Read.All
At the bottom of the window click Add permission to close.
3. Grant Permissions
You will now be presented with a list of your selected permissions. Click the Grant admin consent button to apply these options.
Click Yes to confirm
4. Obtain EntityID
Next, log into your Interact intranet and navigate to Application Settings > Control Panel > Manage Security > Manage SAML Authentication.
If your domain isn’t currently setup click Setup Domain, otherwise skip 2 steps.
On the next page click Save
Click the Edit button for the domain you are working against.
On the next screen copy the text of the EntityId.
Switch back to your Azure Portal. From the side sub-menu click Expose an API and then, from the main pane, click Set to set the Application ID URI
Paste the EntityId, copied from your Interact settings, into the Application ID URI.
Click Save
5. Meta Data URL
Next you will need your Azure domain name to form the metadata URL. This can be found by clicking Azure Active Directory from the main side menu, then Custom domain names from the sub-menu. Your domain name will be in the pane to the right.
The Azure's metadata URL is formatted as follows:
Replace {your_domain_name} with the name of your domain obtained in the previous step.
6. Create an Idp in Interact
Switch back to your Interact Intranet and again navigate to Application Settings > Control Panel > Manage Security > Manage SAML Authentication.
Click the Indentity Providers button
On the next screen, enter the metadata URL you created in step 5 into the Metadata URL textbox, then cick Import as highlighted in the image below.
A new Indentity Provider should appear in the list below.
Click Edit for the newly created IdP
Give the Identity Provider a name and select whether or not you would like it to appear as a button on the Log-In screen for your Intranet. The name your enter here will be the name displayed on button.
Click Save
Thats it! You should now be able to sign into your intranet using your Azure AD credentails.
If you want to enable Seamless SSO (Auto log-in) for this provider. Follow the next step:
6. Auto Sign-in
From the Manage Identity Providers page. Select the option Make Default Provider, then click the Back button located above the blue New Identity Provider button.
Select the option Enable Auto Login
Updated over 5 years ago