Setting Up Azure AD Single Sign on (SSO)

Modified on Fri, 25 Apr at 1:45 PM

This guide walks you through configuring Azure Active Directory (Azure AD, now called Microsoft Entra ID) as an OAuth 2.0 / OpenID Connect Identity Provider for single sign‑on (SSO) in the ShadowMap portal. ShadowMap acts as the OAuth client: it redirects users to Azure AD to authenticate and exchanges the returned authorization code for tokens using the credentials you configure below.


Prerequisites

  • An Azure AD tenant in which you have Global Administrator permissions (the less privileged Application Administrator or Cloud Application Administrator role is sufficient for the registration and credential steps and is the least-privilege choice)

  • Access to the ShadowMap portal with an administrator role

  • A Redirect URI (the callback URL) for your ShadowMap instance, e.g.: https://<your-domain>/auth/callback. It must be an HTTPS URL, and Azure AD compares it character for character with the one ShadowMap sends in the authorization request.

  • (Recommended) A test user in Azure AD to verify login


1. Register a New Application in Azure AD

  1. Sign in to the Azure portal.

  2. Navigate to Azure Active Directory (shown as Microsoft Entra ID in the current portal) > App registrations > New registration.

  3. Configure the registration:

    • Name: ShadowMap SSO

    • Supported account types: Choose Accounts in this organizational directory only (single tenant) unless you have a specific reason to do otherwise. A multi-tenant registration lets users from any Azure AD tenant authenticate, so ShadowMap would then have to enforce the tenant itself.

    • Redirect URI: Select Web, then enter your ShadowMap callback URL:

      https://<your-domain>/auth/callback

  4. Click Register.



2. Generate Client Secret (OAuth 2.0)

  1. In the new registration, go to Certificates & secrets.

  2. Under Client secrets, click New client secret.

  3. Add a description (e.g., ShadowMap SSO Secret) and choose an expiration period. Pick the shortest period your rotation process supports; Azure AD enforces a maximum of 24 months.

  4. Click Add.

  5. Copy the generated Value immediately; it is shown only once and cannot be retrieved later (the Secret ID column is not the secret). This is your Client Secret: keep it in a secret store and do not paste it into tickets or chat. Microsoft recommends certificate credentials over client secrets where the client supports them; this guide uses a secret because that is what the ShadowMap SSO form accepts.


3. Collect OAuth Details

In your Azure AD app registration overview, note the following values:


  Field                     Value location
  Tenant (Directory) ID     Overview > Directory (tenant) ID
  Application (Client) ID   Overview > Application (client) ID
  Authorization Endpoint    https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize
  Token Endpoint            https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token
  Scopes                    openid profile email

You can confirm the two endpoints, the issuer value (https://login.microsoftonline.com/<TENANT_ID>/v2.0) and the signing-key (jwks_uri) location from the tenant's OpenID Connect discovery document at https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration.


4. Configure ShadowMap Portal

  1. Sign in to the ShadowMap portal as an administrator.

  2. Navigate to Settings > SSO Authentication.

  3. Fill in the OAuth details collected above:

    • Provider: Azure AD

    • Client ID: <Application (Client) ID>

    • Client Secret: <Client Secret> (the Value copied in step 2, not the Secret ID)

    • Tenant ID: <Directory (Tenant) ID>

  4. Click Save.


5. Verify Configuration

  1. Log out of ShadowMap.

  2. On the login page, select Sign in with Azure AD.

  3. Authenticate using your test Azure AD user.

  4. Confirm that you are redirected back to ShadowMap and signed in. As a negative check, also confirm that a user who should not have access (for example, one from another tenant) is rejected rather than signed in.


Troubleshooting Tips

  • Invalid redirect URI (error AADSTS50011): Ensure the callback URL ShadowMap sends exactly matches the one registered in Azure AD, including scheme, host, path and any trailing slash.

  • Consent prompt: If users see a consent screen, grant admin consent under API permissions > Grant admin consent for <tenant>. The openid, profile and email scopes are low-privilege delegated permissions; review anything else listed before granting.

  • Expired client secret (error AADSTS7000222 from the token endpoint): Monitor expiry dates and renew before expiration in Certificates & secrets, then update the Client Secret in ShadowMap. Create the new secret first and delete the old one only after the new value is saved in ShadowMap, so sign-in does not break during the rotation.

  • Everyone in the tenant can sign in: By default an app registration accepts any user in the directory. To limit access, open the matching Enterprise application, set Assignment required to Yes under Properties, and assign the permitted users or groups under Users and groups.


