How to configure AzureAD
Follow this step-by-step guide to configure the integration between Port and Azure Active Directory.
To complete the process, you will need to contact us to receive the information you require and to provide the information Port requires from you. Both are detailed in the sections below.
Port-AzureAD integration benefits
- Connect to the Port application via an AzureAD app.
- Your AzureAD teams will be automatically synced with Port upon a user sign-in.
- Set granular permissions on Port according to your AzureAD groups.
How to configure a Port application in Azure AD
Step #1: Register a new application
1. In the Microsoft Azure Portal, go to Azure Active Directory.
2. Click on App registrations.
3. Click on New registration at the top of the page.
4. Define the Port application settings:
   4.1 Name: Insert a friendly name for the Port app, like Port.
   4.2 Supported account types: Please select the option that is appropriate for your organization.
       Note: For most use cases this would be Accounts in this organizational directory only (Default Directory only - Single tenant).
   4.3 Redirect URI:
       - Set Platform to Web.
       - Set URL to https://auth.getport.io/login/callback.
   4.4 Click Register.
Step #2: Customize your Port app with Login URL and Logo
1. On the new Port App page, click Branding & Properties.
   1.1 Home page URL: paste the following URL:
       https://auth.getport.io/authorize?response_type=token&client_id=96IeqL36Q0UIBxIfV1oqOkDWU6UslfDj&connection={CONNECTION_NAME}&redirect_uri=https%3A%2F%2Fapp.getport.io
       Note: We will provide your {CONNECTION_NAME} (Contact us on Slack/Intercom).
   1.2 Add the Port logo (optional).
   1.3 Publisher domain: Select the domain matching your user emails (for example getport.io).
   1.4 Click Save.
Step #3: Configuring the application permissions
1. On the Port App page, click API Permissions.
2. Click Add a permission.
3. On the Microsoft APIs tab:
   3.1 Click on Microsoft Graph.
   3.2 Click on Delegate Permissions.
   3.3 Search and mark the following permissions: email, openid, profile, User.read.
   3.4 Click Add permissions.
   Note (OPTIONAL): Grant admin consent: when users from your organization first log in, they will be prompted to confirm the permissions specified here. You can click Grant admin consent for Default Directory to automatically approve their permissions.
Step #4: Configuring the application claims
1. On the Port App page, click Token configuration.
2. Click Add optional claim.
3. Select ID as the token type and then select the email claim, then click Add.
   Note: Repeat the same process for Access and SAML (3 times total).
Info: If you wish to configure the groups claim to pull your AzureAD groups into Port, please follow How to allow pulling AzureAD groups to Port.
Step #5: Configuring application secret
1. On the Port App page, click Certificates & Secrets.
2. On the Client secrets tab, click the New client secret button:
   2.1 Description: Enter a secret description, for example Port Login Client Secret.
   2.2 Expires: Select when the secret expires.
       Danger: Be sure to mark the expiration date of the secret on your calendar. The secret needs to be replaced before its expiration, otherwise login to Port will be disabled.
   2.3 Click Add.
3. A secret will be created and its Value will appear. Immediately document the secret's value because we will need it for our next step.
COPY YOUR SECRET NOW: Be advised that your secret will never appear again after you leave this page.
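A calendar reminder is easy to miss, so the expiry warning in Step 5 can also be checked programmatically. The following is an added example, not part of Port's or Microsoft's documentation: it reads the passwordCredentials array of a Microsoft Graph application object and flags secrets that are expired or inside a rotation window. The sample JSON is constructed, and the 30-day window and function names are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials array of a Microsoft
# Graph application object; names, keyIds and dates are invented.
SAMPLE_APP = json.loads("""
{
  "displayName": "Port",
  "passwordCredentials": [
    {"displayName": "Port Login Client Secret",
     "keyId": "00000000-0000-0000-0000-000000000001",
     "endDateTime": "2025-03-01T00:00:00Z"},
    {"displayName": "Port Login Client Secret (rotated)",
     "keyId": "00000000-0000-0000-0000-000000000002",
     "endDateTime": "2025-12-01T00:00:00.1234567Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp, trimming 7-digit fractions to 6 digits."""
    value = value.rstrip("Z")
    head, _, frac = value.partition(".")
    parsed = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    micros = int(frac[:6].ljust(6, "0")) if frac else 0
    return parsed.replace(microsecond=micros, tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30):
    """Return (displayName, status, days_left) for every client secret."""
    report = []
    for cred in app.get("passwordCredentials", []):
        left = parse_graph_time(cred["endDateTime"]) - now
        if left <= timedelta(0):
            status = "EXPIRED"
        elif left <= timedelta(days=warn_days):
            status = "ROTATE"
        else:
            status = "OK"
        report.append((cred.get("displayName"), status, left.days))
    return report

def login_at_risk(app, now, warn_days=30):
    """True when no secret stays valid beyond the warning window."""
    return all(s != "OK" for _, s, _ in secret_status(app, now, warn_days))

if __name__ == "__main__":
    today = datetime(2025, 2, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for name, status, days in secret_status(SAMPLE_APP, today):
        print(f"{status:8}{days:5d}d  {name}")
```

Creating the replacement secret and handing it to Port before the old one lapses keeps login_at_risk false throughout the rotation.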
Step #6: Providing the application information to Port
Port needs the following information for this process:
- The Client Secret value that you created on Step 5: Configuring application secret.
- The Application (Client) ID, which appears on the Port application overview page.
Port will provide you the CONNECTION_NAME needed for the homepage URL of the App, as described on Step 2.
Step #7: Exposing the application to your organization
Assigning the App to organization users and groups
After the app setup is complete, you can proceed to assign it to your organization's users and groups, by distributing it in your organization:
1. Open the enterprise applications list:
   1.1 Go to Azure Active Directory.
   1.2 Go to Enterprise Applications.
2. Click on the Port app.
3. Click on Users and Groups.
4. Click Add user/group:
   4.1 Select users and groups you want to grant access to Port.
   4.2 Click Assign.
   Note: IMPORTANT: To make the Port app connection work, users who have access need to have a valid value in their Email field in Azure AD.
5. Make the Port application visible on the myapplications page:
   5.1 Go to Azure Active Directory.
   5.2 Go to Enterprise Applications.
   5.3 Click on the Port app.
   5.4 Click on Properties.
   5.5 Set the application properties:
       - Mark Enabled for users to sign-in? as Yes.
       - Mark Visible to users? as Yes.
       Note: By default the Assignment required? flag is set to No, meaning any user with the Homepage URL to the Port app can access it, even if the app isn't directly assigned to them. Changing the flag to Yes means only users and groups the app is directly assigned to can use and access it.
6. You should see the Port app on the https://myapplications.microsoft.com dashboard.
   Note: Users can also manually access Port by going to the App Homepage URL:
   https://auth.getport.io/authorize?response_type=token&client_id=96IeqL36Q0UIBxIfV1oqOkDWU6UslfDj&connection={CONNECTION_NAME}&redirect_uri=https%3A%2F%2Fapp.getport.io
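The three Properties toggles from Step 7 are stored on the enterprise application's Microsoft Graph servicePrincipal object, so they can be reviewed without opening the portal. The following is an added example, not Port's or Microsoft's code: the sample object is constructed, and the restrict_to_assigned switch is a hypothetical policy knob for organizations that want Assignment required? set to Yes.

```python
import json

# Constructed sample shaped like a Microsoft Graph servicePrincipal object
# for the Port enterprise application (values invented for illustration).
SAMPLE_SP = json.loads("""
{
  "displayName": "Port",
  "accountEnabled": true,
  "appRoleAssignmentRequired": false,
  "tags": ["WindowsAzureActiveDirectoryIntegratedApp"]
}
""")

def audit_enterprise_app(sp, restrict_to_assigned=True):
    """Map Graph properties back to the portal toggles from Step 7.

    Returns (portal_setting, current_value, finding) tuples; an empty
    finding string means the setting needs no attention.
    """
    rows = []
    enabled = bool(sp.get("accountEnabled"))
    rows.append(("Enabled for users to sign-in?", enabled,
                 "" if enabled else "sign-in is disabled; nobody can log in"))

    # The portal stores "Visible to users? = No" as the HideApp tag.
    visible = "HideApp" not in sp.get("tags", [])
    rows.append(("Visible to users?", visible,
                 "" if visible else "app is hidden from myapplications"))

    required = bool(sp.get("appRoleAssignmentRequired"))
    finding = ""
    if restrict_to_assigned and not required:
        finding = ("any user with the Homepage URL can access the app; "
                   "set Assignment required? to Yes to limit access")
    rows.append(("Assignment required?", required, finding))
    return rows

def findings(sp, **kw):
    """Only the settings that need attention, as (setting, message)."""
    return [(n, msg) for n, _, msg in audit_enterprise_app(sp, **kw) if msg]

if __name__ == "__main__":
    for setting, message in findings(SAMPLE_SP):
        print(f"{setting}: {message}")
```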
How to allow pulling AzureAD groups to Port
This stage is OPTIONAL and is required only if you wish to pull all of your AzureAD groups into Port inherently.
Benefit: managing permissions and user access on Port.
Outcome: for every user that logs in, we will automatically get their associated AzureAD groups, according to your definitions in the settings below.
1. On the Token configuration tab, click Add groups claim.
2. On the groups claim window, check the following options: Security Groups, Directory roles, All groups.
   Note: You can also edit the groups' ID that is provided to Port. In the following example we left it as Group ID.
3. Click Add.