Azure Microsoft 365 SSO configuration
In order to be able to use SSO with Microsoft 365, preliminary steps must be taken.:
1. You need an application registered on the Azure portal. In case you do not have one, you can follow this guide: https://learn.microsoft.com/it-it/azure/active-directory/develop/quickstart-register-app
2. On the left-hand side, open the Authentication menu
3. On the Authentication page click: Add a platform > Web
4. Enter as redirection URI:
- https://{domain}.intervieweb.it/sso-azure.php
- https://staging-{domain}.intervieweb.it/sso-azure.php
- https://test-{domain}.intervieweb.it/sso-azure.php
- The {domain} part should be replaced with the domain from which Inrecruiting is accessed (e.g. https://inrecruiting.intervieweb.it/sso-azure.php)
5. Open the API Permissions menu
6. On the API Permissions page click on: Add a permission > Microsoft Graph > Delegated permissions > User.Read
If you do not have one, from the Certificates & Secrets menu move to the Client Secrets submenu and proceed to generate it.
IMPORTANT: Save this value (not the Secret ID) because it cannot be displayed again.
At this point, on Inrecruiting you can proceed to configure the service.
The required configurations are:
- Authority: this is a URL indicating a directory from which MSAL can request tokens. See https://learn.microsoft.com/it-it/azure/active-directory/develop/msal-client-application-configuration#authority for more information.
- Client ID: the Client (Application) ID of Azure. It can be retrieved from the Azure application overview screen
- Client Secret: the previously generated client secret
Once the configuration has been saved, it will be possible to log in via Microsoft 365.