Enable SSO access to your MineOS account for you and your team through the Identity Provider AzureAD.
Before you start, make sure you have:
- An Azure account
- MineOS enterprise account
How to create an app on AzureAD:
To register your app with Azure AD, see Microsoft's Quickstart: Register an application with the Microsoft identity platform.
During registration, configure the following settings:
- Name: MineOS (or any relevant name you prefer)
- Supported account types: To allow users from external organizations (such as other Azure AD directories), choose the appropriate multi-tenant option, for example: Accounts in any organizational directory (Any Azure AD directory - Multi-tenant).
- Redirect URI: Select the Web platform, and enter:
https://mineos-b2b.eu.auth0.com/login/callback
- On the left side menu, click Token Configuration.
- Click Add optional claims, select ID and check email, family_name, and given_name
- Click Add
- On the left side menu, click API Permissions
- Click "Grant admin consent for <your company name>"
- Wait a few seconds, and confirm that the Status column has changed to Granted (Green checkmark) for all permissions.
Creating a Client Secret on AzureAD
To create a client secret, see Microsoft's Quickstart: Configure a client application to access web APIs - Add Credentials to your web application.
If you set up an expiring secret, please make sure to record the expiration date. You will need to renew the key before that day to avoid a service interruption.
Once the client secret has been created, make a note of its value.
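To keep track of the expiration date mentioned above, the following added example (not part of the MineOS or Microsoft documentation) flags client secrets that have expired or are close to expiring. It assumes the JSON shape printed by `az ad app credential list --id <app-id>` (fields `keyId`, `displayName`, `endDateTime`); the sample data, the function names and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape printed by `az ad app credential list --id <app-id>`.
# Field names (keyId, displayName, endDateTime) are assumed; all values are made up.
SAMPLE_CREDENTIALS = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "mineos-sso",
  "endDateTime": "2025-03-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "mineos-sso-next",
  "endDateTime": "2026-03-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": null,
  "endDateTime": "2024-12-31T23:59:59.1234567Z"}
]"""

def parse_utc(stamp):
    """Parse an ISO 8601 timestamp, assumed UTC; fractional seconds are dropped."""
    return datetime.strptime(stamp[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def secret_status(credentials, now, warn_days=30):
    """Classify each client secret as expired, renew (inside warn_days) or ok."""
    report = []
    for cred in credentials:
        end = parse_utc(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            state = "expired"
        elif days_left <= warn_days:
            state = "renew"
        else:
            state = "ok"
        report.append({
            "name": cred.get("displayName") or "(unnamed)",
            "key_id": cred["keyId"],
            "expires": end.date().isoformat(),
            "days_left": days_left,
            "state": state,
        })
    # Most urgent first, so the secret that needs attention tops the list.
    return sorted(report, key=lambda row: row["expires"])

def sample_report():
    """Run the check on the constructed sample with a fixed 'now' (2025-02-10 UTC)."""
    now = datetime(2025, 2, 10, tzinfo=timezone.utc)
    return secret_status(json.loads(SAMPLE_CREDENTIALS), now)

if __name__ == "__main__":
    for row in sample_report():
        print(f'{row["state"]:8} {row["expires"]} {row["days_left"]:>5}d {row["name"]} ({row["key_id"]})')
```

To check a real app registration, pass the parsed output of `az ad app credential list --id <app-id>` and the current UTC time to `secret_status` instead of the sample.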
Share the following information with your MineOS customer success manager:
- Azure AD primary domain (you can find it under Azure -> Active Directory -> Primary Domain)
- Email Domain
- Application (client) ID (this can be found in the app's overview page)
- Client Secret value
- Supported account types (multi-tenant or single organization)
Don't forget to assign this app to users in your organization that need access to MineOS.