1. Go to https://secoda.company.com/auth/admin/master/console/#/realms/master, sign in with the username admin and the Keycloak password you added to the onprem.tfvars file, and switch to the Secoda realm in the top left. Click Identity Providers in the left-hand navigation menu.


    1. Click "Add provider..." and select Microsoft
  2. Add the following fields in the form and click Save

  3. Copy the Redirect Endpoint from the settings of the identity provider you just created and send it to @Andrew McEwen so it can be added to the list of allowed redirect URIs.

  4. Once SSO is configured, sign in with an Active Directory admin account and follow the steps below to grant permission for all users in your Active Directory to sign in to Secoda.

    1. Sign in to the Azure portal as a Global Administrator, an Application Administrator, or a Cloud Application Administrator.
    2. Select Azure Active Directory then Enterprise applications.
    3. Select the app Secoda (this shows up only after an admin has signed in to Secoda using the Microsoft login).
    4. Select Permissions and then click Grant admin consent.
    5. Carefully review the permissions the application requires.
    6. If you agree with the permissions the application requires, grant consent. If not, click Cancel or close the window.
  5. Enjoy using Microsoft SSO!