Azure Active Directory (AD)
Register app with Azure DB
To register an app follow the instructions:
- Sign in to the Azure portal.
- If you have access to multiple tenants, use the
Directories + subscriptions
filter in the top menu to switch to the tenant in which you want to register the application. - Search for and select Azure Active Directory.
- Under Manage, select
App registrations -> New registration
.

- Enter a display Name for your application. For example
kubit-sso
. - Specify who can use the application.
- Specify redirect URL -
https://auth.kubit.ai/login/callback
.

- Select Register to complete the app registration.
- When registration finishes, the Azure portal displays the app registration's Overview pane. Please make a note of your Application (client) ID.
Create credentials
- Open the newly registered app and navigate to the
Certificates & client secrets
menu. - Click on the
+ New client secret
button. - Once the Azure portal displays the generated Client Secret Value please make a note of it.
Note
If you configure an expiring secret, make sure to record the expiration date. You will need to renew the key before that day in order to avoid service interruption.

Configure permissions
- Open the newly registered app and navigate to the
Expose an API
menu. - Click on the
+ Add a scope
button. - You can proceed with the generated Application ID URI or you can change it.
- Configure a scope resource:

- Click on the
+ Add a client application
button and add use the Application (client) ID from earlier (see step 9 of Register app with Azure DB).

- Now navigate to the
API permissions
menu. - Select
+ Add a permission → My APIs
and select the web application you created earlier.

- On the next screen select the scope resource you’ve created.

- Click one more time on
+ Add a permission
and select Microsoft Graph API. Then select Delegated permissions and enableUsers > User.Read permission
.

Share required information with Kubit
Share your AD Primary domain, Application (client) ID, and Client Secret Value with the Kubit team. The AD domain could is listed in the main AD dashboard.

Updated about 1 year ago