Author: Fluent Commerce
Changed on: 26 Oct 2023
Go to the Microsoft Azure portal. If you do not have a Microsoft Azure account, create one.
Under Azure services, click Azure Active Directory.
On the left, click App registrations.
At the top, click New registration.
Under Name, enter a user-facing display name for the application.
Under Supported account types, select any multi-tenant option. If you need help choosing an option, click the Help me choose link.
Leave Redirect URI blank for now. You will enter this value after creating the identity provider in PingOne.
Click Register.
Go to the Microsoft Azure portal.
Under App registrations, select the application.
On the left, click Certificates and secrets.
Under Client secrets, click + New client secret.
Enter the following:
Click Add.
Under Client secrets, locate the value for the appropriate secret and copy it to a secure location.
On the left, click Overview.
Locate the Application (client) ID and copy it to a secure location.
Go to the Microsoft Azure portal.
Under App registrations, select the application.
On the left, click API permissions.
Click the + Add a permission button.
Click Microsoft Graph, then click Delegated permissions.
Select the following:
`email`
`offline_access`
`openid`
`profile`
`User.Read`
Click the Add permissions button.
Go to Connections → External IDPs.
Click + Add Provider.
Click Microsoft.
On the Create Profile screen, enter the following information:
The icon and login button cannot be changed, in accordance with the provider's brand standards.
Click Next.
On the Configure Connection screen, enter the following information:
Click Save and Continue.
On the Map Attributes screen, define how the PingOne user attributes are mapped to Microsoft attributes. Select the PingOne attribute, then select the equivalent Microsoft attribute. Select the update condition, which determines how PingOne updates its user directory with the values from Microsoft.
The options are:
`Empty only`
`Always`
Click Save and Close.
Go to the PingOne console.
Go to Connections → External IDPs.
Locate the appropriate identity provider and then click the details icon to expand the identity provider.
Click the Connection tab. Copy the Callback URL and paste it in a secure location.
Go to the Microsoft Azure portal.
Under App registrations, select your application.
On the left, click Overview.
For Redirect URIs, click Add a Redirect URI.
For Platform configurations, click + Add a platform.
Under Web applications, click Web.
For Redirect URIs, enter the value that you copied from PingOne.
Click Configure.
Enable the External Identity Provider.
Create a new Authentication Policy and add the newly created External Identity Provider to it.
Add the Authentication Policy to the application.
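The following is an added example, not part of the original Fluent Commerce documentation: a check that an exported app registration matches the settings chosen in the steps above (multi-tenant account type, the PingOne callback as the only redirect URI, the five delegated scopes, an unexpired client secret). It assumes the registration was exported as a Microsoft Graph application object and that the caller has already resolved the granted scope names; `audit_app`, the sample export and the callback URL are constructed for illustration.

```python
from datetime import datetime, timezone

# Scopes the page selects under Microsoft Graph > Delegated permissions.
EXPECTED_SCOPES = {"email", "offline_access", "openid", "profile", "User.Read"}
# signInAudience values that correspond to the multi-tenant account options.
MULTI_TENANT = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}

def audit_app(app, granted_scopes, callback_url, now=None):
    """Return a list of findings; an empty list means the export matches the page."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if app.get("signInAudience") not in MULTI_TENANT:
        findings.append("signInAudience is not a multi-tenant option")
    uris = app.get("web", {}).get("redirectUris", [])
    if callback_url not in uris:
        findings.append("PingOne callback URL is not a registered redirect URI")
    # Any other redirect URI is a place an authorization code could be sent.
    findings += [f"unexpected redirect URI: {u}" for u in uris if u != callback_url]
    missing = EXPECTED_SCOPES - set(granted_scopes)
    extra = set(granted_scopes) - EXPECTED_SCOPES
    if missing:
        findings.append("missing delegated scopes: " + ", ".join(sorted(missing)))
    if extra:
        findings.append("scopes beyond the page's list: " + ", ".join(sorted(extra)))
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret is configured")
    for secret in secrets:
        # Graph reports expiry as an ISO 8601 UTC timestamp ending in "Z".
        end = datetime.fromisoformat(secret["endDateTime"].replace("Z", "+00:00"))
        if end <= now:
            findings.append(f"client secret '{secret.get('displayName')}' has expired")
    return findings

# Constructed sample values (placeholders, not a real tenant or PingOne URL).
CALLBACK = "https://pingone.example/callback"
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [CALLBACK]},
    "passwordCredentials": [
        {"displayName": "pingone", "endDateTime": "2025-06-30T00:00:00Z"}
    ],
}

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, EXPECTED_SCOPES, CALLBACK, SAMPLE_NOW):
        print(finding)
```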