ClickHelp Documentation

Use Microsoft Azure AD as SSO Provider

The Azure SSO provider allows users to log in to a ClickHelp portal using their Azure Active Directory accounts. You can make the portal a single-tenant application, so that only users from a specific Azure AD can log in, or make it multi-tenant, so that it works with users from any Azure AD tenant.

Only Azure Active Directory (Work or School) accounts are supported. Microsoft (personal) accounts are not supported.

  • Open the Azure portal and go to Azure Active Directory.
     
  • Click App registrations.

  • Click "New application registration" and specify the application name, type (select Web app / API) and the sign-on URL. Click Create to proceed.
      
  • Find the Application ID field in the application widget. The value of this field is the Client ID needed to set up the OpenID Connect provider in ClickHelp. Copy it somewhere to use it later.
     
  • [Optional] If you want your application to be multi-tenanted, click the Settings button and then go to Properties. Scroll the list of properties to the bottom and enable the Multi-tenanted option.

    Click the Save button at the top of the panel to save the properties.
  • On the Settings page, select Keys.

  • Specify a name for a new key, select the desired duration for the key, and click Save to generate a password for the new key. Copy the generated key and save it somewhere - this is the new application’s client_secret.

    Warning
    Please note that this is the only time when you can see the password in the Azure portal.
  • The last piece of information we need is the tenant ID or domain name. To get it, click the Help icon in the Azure Portal's header and select Show diagnostics. In the opened JSON file, find the tenant ID or domain name values.

  • The application is added. Now, we need to get some details about it. If the application widget is not opened automatically, click the application name on the App Registrations screen.

  • Now open the SSO Settings page in your ClickHelp portal, go to Tools > Portal Settings > Administration > Single Sign-on.

  • Populate the corresponding fields of the Azure client in ClickHelp with the values taken from Azure. For the Tenant field, use either the tenant ID or the domain name (whichever you prefer).
    If you want users from several tenants to access your ClickHelp portal, check the Multitenant box. Enable the connection and save changes.

  • Now it is possible to log in to the portal using Azure Active Directory accounts. For the portal to log the user in, the email address of the AD account should be the same as the address of the corresponding ClickHelp account.

  • When logging in to the portal with the Azure AD account for the first time, you will be prompted to accept the ClickHelp portal’s request for permissions to read the Azure AD user profile.
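
The following added example (not ClickHelp's code, and not part of the original page) sketches what the Tenant and Multitenant settings mean for a generic OpenID Connect relying party once the ID token's signature has been validated. It assumes the Tenant field holds a tenant ID, the v2.0 issuer format, and the `tid`, `iss` and `email` claims; the function names and sample values are hypothetical.

```python
import re

# Constructed sample values; the GUIDs and addresses are placeholders.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
PORTAL_ACCOUNTS = {"writer@example.com"}

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def sample_claims(tid, email):
    """Build constructed ID-token claims as they look after signature validation."""
    return {"iss": f"https://login.microsoftonline.com/{tid}/v2.0",
            "tid": tid, "email": email}


def accept_login(claims, tenant_id, multitenant, portal_accounts):
    """Return the matched portal account e-mail, or None if the login is refused."""
    tid = str(claims.get("tid", "")).lower()
    if not GUID_RE.fullmatch(tid):
        return None
    # Assumption: v2.0 tokens, whose issuer embeds the tenant named in `tid`.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        return None
    # Single-tenant: only the configured tenant may sign users in.
    if not multitenant and tid != tenant_id.lower():
        return None
    # Account mapping as the page describes it: the address must equal that of
    # an existing portal account (compared case-insensitively here).
    email = str(claims.get("email", "")).lower()
    return email if email in portal_accounts else None


if __name__ == "__main__":
    home = sample_claims(HOME_TENANT, "writer@example.com")
    other = sample_claims(OTHER_TENANT, "writer@example.com")
    for label, claims, multi in [("home tenant, single-tenant", home, False),
                                 ("other tenant, single-tenant", other, False),
                                 ("other tenant, multitenant", other, True)]:
        result = accept_login(claims, HOME_TENANT, multi, PORTAL_ACCOUNTS)
        print(f"{label}: {result}")
```

In this sketch, enabling Multitenant skips the tenant comparison, so the email match is the only thing that ties a sign-in to a portal account.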