This feature lets you configure authorization through the Microsoft Azure AD directory service.

Configuring Azure AD

To set up Picvario authorization via Azure AD, you need to create an Enterprise application in Azure AD. During creation, you must specify your workspace’s address in the callback field: https://<tenant>/oauth2/callback.

For example: https://ll.api.picvar.io/oauth2/callback.

Get the Enterprise application ID and save it for future use. To do this:

  1. Log in to your Azure account.
  2. Select Microsoft Entra ID in the left sidebar.
  3. Select Enterprise Applications.
  4. Select All applications.
  5. Select the application that you have created.
  6. Click Properties.
  7. Copy the Application ID.

Get the application password. To do this:

  1. Log in to your Azure account.
  2. Select Microsoft Entra ID in the left sidebar.
  3. Select App registrations.
  4. Select the application that you have created.
  5. Click Certificates and Secrets.
  6. Select Client Secrets.
  7. Click Create Client Secret.
  8. Enter a description of the key and the expiration date of the secret.
  9. Click Add.
  10. Copy and save the key value. You will not be able to get this value after closing the page.

Get the Azure AD Client ID. To do this:

  1. Log in to your Azure account.
  2. Select Microsoft Entra ID in the left sidebar.
  3. Click Properties.
  4. Copy the Client ID.

Configuring Picvario

To configure authorization in the administrative panel, you need to create several options:

ADFS_AUTH_ENABLED – the value is True.

ADFS_CLIENT_ID – the value is the Enterprise application ID.

ADFS_CLIENT_SECRET – the value is the application password.

ADFS_TENANT_ID – the value is the Azure AD Client ID.

ADFS_AUDIENCE – the value is the same as the value of ADFS_CLIENT_ID.

ADFS_RELYING_PARTY_ID – the value is the same as the value of ADFS_CLIENT_ID.

| Option | Example | Public |
|---|---|---|
| ADFS_AUTH_ENABLED | True | True |
| ADFS_CLIENT_ID | 3aaf3b0c-6287-45d6-a128-5a20bf6652cc | False |
| ADFS_CLIENT_SECRET | 3f-Wx.X8xc3-QP~5Ly2FSbBvGGtNRch4Dp | False |
| ADFS_TENANT_ID | ed842bf4-620f-4653-8951-ad92e71530ed | False |
| ADFS_AUDIENCE | 3aaf3b0c-6287-45d6-a128-5a20bf6652cc | False |
| ADFS_RELYING_PARTY_ID | 3aaf3b0c-6287-45d6-a128-5a20bf6652cc | False |

In the administrative panel, go to Home > Options > Options, or click the Change link.

To create a new option, click the ADD OPTION button.

An editing page opens where you can specify the option and its value.

Create all the options above in the same way.
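
A pre-flight check for the option set and callback address described above, as an added example that is not Picvario's own code. It assumes the options are collected as name -> (value, public) pairs with string values; the function names and sample values are constructed, and two checks that go beyond the page are marked as heuristics in the code.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
ID_OPTIONS = ("ADFS_CLIENT_ID", "ADFS_TENANT_ID", "ADFS_AUDIENCE", "ADFS_RELYING_PARTY_ID")
REQUIRED = ("ADFS_AUTH_ENABLED", "ADFS_CLIENT_SECRET") + ID_OPTIONS
PUBLIC_ALLOWED = {"ADFS_AUTH_ENABLED"}  # the only row marked Public=True in the table


def check_callback(url):
    """Callback must be https://<tenant>/oauth2/callback with nothing appended."""
    u = urlsplit(url)
    return (u.scheme == "https" and bool(u.hostname)
            and u.path == "/oauth2/callback" and not u.query and not u.fragment)


def check_options(options):
    """options maps name -> (value, public). Returns a list of problems; empty means OK."""
    problems = [f"{n}: missing" for n in REQUIRED if n not in options]
    value = {n: v for n, (v, _) in options.items()}
    for name, (_, public) in options.items():
        if public and name not in PUBLIC_ALLOWED:
            problems.append(f"{name}: must not be public")
    if str(value.get("ADFS_AUTH_ENABLED", "True")) != "True":
        problems.append("ADFS_AUTH_ENABLED: must be True")
    for name in ID_OPTIONS:
        if name in value and not GUID.fullmatch(value[name]):
            problems.append(f"{name}: not a GUID")
    client = value.get("ADFS_CLIENT_ID")
    for name in ("ADFS_AUDIENCE", "ADFS_RELYING_PARTY_ID"):
        if name in value and value[name] != client:
            problems.append(f"{name}: must equal ADFS_CLIENT_ID")
    # Added heuristics, not from the page: application and directory IDs are different
    # objects, and a GUID-shaped secret is usually the Secret ID copied instead of the Value.
    if client and client == value.get("ADFS_TENANT_ID"):
        problems.append("ADFS_TENANT_ID: same as ADFS_CLIENT_ID")
    secret = value.get("ADFS_CLIENT_SECRET", "x")
    if not secret or GUID.fullmatch(secret):
        problems.append("ADFS_CLIENT_SECRET: empty or looks like a Secret ID")
    return problems


# Constructed sample input (placeholder values, not real credentials).
APP, DIRECTORY = "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE = {n: (APP, False) for n in ID_OPTIONS}
SAMPLE.update(ADFS_TENANT_ID=(DIRECTORY, False), ADFS_AUTH_ENABLED=("True", True),
              ADFS_CLIENT_SECRET=("constructed-secret-value", False))

print(check_options(SAMPLE) or "options look consistent")
```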

If all settings are completed successfully, a button appears on the account login screen.

Click it to log in via Microsoft ADFS.