Azure Microsoft 365 SSO configuration
In order to be able to use SSO with Microsoft 365, preliminary steps must be taken.:
1. You need an application registered on the Azure portal. In case you do not have one, you can follow this guide: https://learn.microsoft.com/it-it/azure/active-directory/develop/quickstart-register-app
2. On the left-hand side, open the Authentication menu
3. On the Authentication page click: Add a platform > Web
4. Enter as redirection URI:
- https://{domain}.intervieweb.it/sso-azure.php
- https://staging-{domain}.intervieweb.it/sso-azure.php
- https://test-{domain}.intervieweb.it/sso-azure.php
- The {domain} part should be replaced with the domain from which Inrecruiting is accessed (e.g. https://inrecruiting.intervieweb.it/sso-azure.php)
5. Open the API Permissions menu
6. On the API Permissions page click on: Add a permission > Microsoft Graph > Delegated permissions > User.Read
If you do not have one, from the Certificates & Secrets menu move to the Client Secrets submenu and proceed to generate it.
IMPORTANT: Save this value (not the Secret ID) because it cannot be displayed again.
At this point, on Inrecruiting you can proceed to configure the service.
The required configurations are:
- Authority: this is a URL indicating a directory from which MSAL can request tokens. See https://learn.microsoft.com/it-it/azure/active-directory/develop/msal-client-application-configuration#authority for more information.
- Client ID: the Client (Application) ID of Azure. It can be retrieved from the Azure application overview screen
- Client Secret: the previously generated client secret
Once the configuration has been saved, it will be possible to log in via Microsoft 365.
The access url for SSO is the one defined in the endpoint field of the configuration: