Skip to main content

OAuth2 with Azure Active Directory

Brandon Langley
Updated

Setting up SSO with Azure Active Directory requires configuring a Diskover application within Azure, then gathering the necessary IDs, tokens, and endpoints to plug into Diskover. Below is a quick overview of the process:

  1. Create an App in Azure AD

  2. Collect Required IDs and Endpoints

  3. Configure Diskover with Azure Details

  4. Test the Integration

  5. Troubleshoot Common Errors

Configuring an Application in Azure AD:

  • Log in to the Azure Portal.

  • In the search bar at the top, type "App registrations" and click on the result to open the App Registrations page.

  • Click "New registration".

  • Fill out the registration form:

    • Name: Diskover

    • Supported account types: Leave the default selection ("Accounts in this organizational directory only").

    • Redirect URI (optional):

      • Select Web

      • Enter the redirect URI for your Diskover instance, e.g.,
        https://your-diskover-domain.com/oauth2/callback

  • Click Register to create the application.

image-20250227-214622.png

Get the Needed IDs and Endpoints

Now click into the Diskover application. Here you will need the Application (client ID), make a copy of this. In the example below, our client id is 3ed84b8e-3046-4893-8345-d713a4890166

43138E56-8FFB-42D1-B020-6DD5AFC504CA_1_201_a.jpeg

Navigate to the “Certificates & Secrets” menu, and create a new Secret with a descriptive name and expiration. Once this is Created Copy the Value

image-20250227-215426.png

Click back on Overview, and at the top of the of this page, select “Endpoints”. Here we will collect the OAuth 2.0 authorization endpoint (v2), and OAuth 2.0 token endpoint (v1). In this example this is: Oauth 2.0 authorization endpoint (v2): https://login.microsoftonline.com/a7ddce5d-9828-4f9b-8c92-e83966cef195/oauth2/v2.0/token and OAuth 2.0 token endpoint (v1): https://login.microsoftonline.com/a7ddce5d-9828-4f9b-8c92-e83966cef195/oauth2/token

image-20250227-215851.png

Diskover Setup:

Translating what we’ve collected to Diskover, we have:

  • Application (client ID): 3ed84b8e-3046-4893-8345-d713a4890166

  • Diskover Secret: YOUR SECRET

  • OAuth 2.0 authorization endpoint (v2): https://login.microsoftonline.com/3ed…166/oauth2/v2.0/authorize

  • OAuth 2.0 token endpoint (v2): https://login.microsoftonline.com/3ed…166/oauth2/v2.0/token

  • OAuth 2.0 logout endpoint (v2): https://login.microsoftonline.com/3ed…166/oauth2/v2.0/logout

In Diskover, navigate to Diskover AdminWebOAuth and plug in the corresponding values:

  • OAuth2 Client ID: Application (client ID)

  • OAuth2/Okta Client Secret: The secret from “Certificates & secrets”

  • OAuth2 Redirect URI: https://diskover.company-domain.com/login.php?callback

  • OAuth2 Logout Redirect URI: https://diskover.company-domain.com/

  • OAuth2 Auth Endpoint: OAuth 2.0 authorization endpoint (v2) from “Overview” → “Endpoints”

  • OAuth2 Token Endpoint: OAuth 2.0 token endpoint (v2) from “Overview” → “Endpoints”

  • OAuth2 Logout Endpoint: https://diskover.your-company-domain.com/

  • OAuth2 API Type: Azure

  • OAuth2 API URL Base: Not used by Azure AD

Example:

image-20250227-220532.png

In this example, localhost is used but Production or Development systems should use the https://diskover.company-domain.com URL.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk