SSO / AzureAD

The screenshots in this article might look a little different depending on your user rights and the current version of the Azure Portal.

Azure AD OAuth2 is one of the more common SSO solutions with Silverbucket. Start by heading to the admin-panel in Silverbucket, choose "System Settings" and click the 'Setup' button next to AzureAD.
When you click 'Setup', a new view opens with five editable fields.
Every one of these fields is found in https://portal.azure.com/ after you have created an Application in the portal. While creating the application, we advise you to keep Silverbucket's SSO page open as well, since the two go hand in hand when setting up your SSO solution.


Creating an application in portal.azure.com

1) Log into portal.azure.com
2) Open the sidebar on the left of the screen and choose 'Azure Active Directory'
3) Choose 'Enterprise Applications' from the sidebar
4) Choose '+ New Application' to create a new Application in Azure
5) In the opening window choose the option 'Application you are developing'
6) Choose '+ New registration'
7a) Fill in the name for your Application
7b) Choose the supported account types
7c) Copy the 'Redirect URL' from Silverbucket's SSO setup and insert it in the opening window as the Application's 'Redirect URI'
Make sure you enter the "azuread-oauth2" part of the redirect URL with a dash (-) and not an underscore (_). In some Silverbucket versions the part "azuread-oauth2" is incorrectly written with an underscore. So the correct version is:

Complete the action by clicking 'Register' at the bottom left of Azure's portal.

Your application is now created in Azure's portal - now we need to link that application as your SSO solution with Silverbucket.


Linking the application with Silverbucket

There are 5 fields that need to be configured in Silverbucket with the data found in Azure's Portal.

Token Endpoint & Authorization Token URL
( - Click 'Azure Active Directory' from the left sidebar)
- Choose 'App Registrations'
- Select your newly created Application by clicking it
- Open the 'Endpoints' tab
The window that opens lists the values for Silverbucket's corresponding fields, Authorization Token URL and Token Endpoint.

Application (client) ID
( - Click 'Azure Active Directory' from the left sidebar)
- Choose 'App Registrations'
- Select your newly created Application by clicking it
- Copy the 'Application (client) ID' as Silverbucket's 'Application (client) ID'

Authorization Secret
( - Click 'Azure Active Directory' from the left sidebar)
- Choose 'App Registrations'
- Select your newly created Application by clicking it
- Choose 'Certificates & secrets' from the left sidebar
- Click 'New client secret' and fill in the details:
  - Description is optional
  - When creating the secret, choose your preferred expiration date: 1 year, 2 years or never

Make sure you copy the secret value to the clipboard, because Azure shows the value only right after the secret is created. Right after copying it, enter the secret value in Silverbucket's 'Authorization Secret' field.

Save the changes in Silverbucket, log out of the system and test whether you can log into Silverbucket by using the 'Log in using organizational account' option.

You should be forwarded to Microsoft's credentials page which, if the credentials are entered correctly, allows you to log into your Silverbucket environment.
If your login results in an error message, check that the setup was done correctly and that your credentials were correct. If that does not help, refer to, for example, Microsoft's article on OAuth 2.0.
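
One way to check the copied values before saving them, as an added example that is not part of Silverbucket's documentation or code. The dictionary keys are hypothetical names for the form fields, the sample values are constructed, and the global Azure cloud login host is assumed.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Azure AD endpoint paths: /<tenant>/oauth2/authorize or /<tenant>/oauth2/v2.0/token
ENDPOINT = re.compile(r"^/([^/]+)/oauth2/(?:v2\.0/)?(authorize|token)$")
# Assumption: global Azure cloud; national clouds use other login hosts.
LOGIN_HOST = "login.microsoftonline.com"

def _tenant(url, kind, problems):
    """Return the tenant in an endpoint URL, or record a problem and return None."""
    parts = urlsplit(url.strip())
    match = ENDPOINT.match(parts.path)
    if parts.scheme != "https" or parts.hostname != LOGIN_HOST:
        problems.append(f"{kind}: not an https://{LOGIN_HOST} URL")
    elif not match or match.group(2) != kind:
        problems.append(f"{kind}: path is not /<tenant>/oauth2/.../{kind}")
    else:
        return match.group(1).lower()

def check_sso_settings(cfg):
    """Return a list of problems in the values typed into the SSO form."""
    problems = []
    path = urlsplit(cfg["redirect_url"].strip()).path
    if "azuread_oauth2" in path:
        problems.append("redirect: uses azuread_oauth2, must be azuread-oauth2")
    elif "azuread-oauth2" not in path:
        problems.append("redirect: azuread-oauth2 segment missing")
    auth = _tenant(cfg["authorization_url"], "authorize", problems)
    token = _tenant(cfg["token_endpoint"], "token", problems)
    if auth and token and auth != token:
        problems.append("endpoints: authorize and token URLs name different tenants")
    if not GUID.match(cfg["client_id"].strip()):
        problems.append("client_id: not a GUID")
    if GUID.match(cfg["secret"].strip()):
        problems.append("secret: looks like the Secret ID, not the secret value")
    return problems

# Constructed sample values (not a real tenant, application, secret or redirect path).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "redirect_url": "https://silverbucket.example.invalid/PLACEHOLDER/azuread_oauth2/",
    "authorization_url": f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://{LOGIN_HOST}/{TENANT}/oauth2/v2.0/token",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "secret": "99999999-8888-7777-6666-555555555555",
}
if __name__ == "__main__":
    print("\n".join(check_sso_settings(SAMPLE)))
```

The sample trips two checks: the underscore in the redirect URL, and a GUID in the secret field, which is what results from copying the 'Secret ID' column instead of the secret value.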



Optional settings

- Allowed domains in Silverbucket is an optional field

- You can use the 'User assignment' option in Azure's portal for your application if you wish to allow only certain people to use the SSO. This is done under 'Enterprise Applications' > Silverbucket > Add user.