OIDC Setup for Microsoft Azure/AD
Configure Azure
- Open the Azure Portal.
- Navigate to Microsoft Entra ID -> App registrations.
- Select + New Registration to start creating a new application registration.
  The Register an application dialog appears.
- Enter a display name for the new app registration in Azure. This can be any name.
- The Supported account types radio buttons can be left at default (Accounts in this organization only).
- The Redirect URI can be found in your octoplant server OIDC configuration dialog.
- Select Register to create a new app registration.
- The Overview of your new app registration should appear.
Configure Application ID
- Copy the Application (client) ID for use later in this process.
- Select Navigation from the left sidebar.
- Set the Enable the following mobile and desktop flows: switch in Advanced settings to Yes.
- Select the Save button to apply your changes.
- Select API permissions from the left sidebar.
- Select the + Add a permission button.
- Select Microsoft Graph under Microsoft APIs.
- Select Delegated permissions.
- Select email, openid and profile under OpenId permissions.
- Select the Add permissions button to apply your changes.
- Select Credentials & Secrets from the left sidebar.
- Select the + New client secret button.
- Add a name for the new secret under Description.
- Configure how long the secret will be valid with Expires.
- Select the Add button.
As soon as the secret is created, select and copy the Value of the secret.
Once you leave the page, there is no way to view the secret again. If the secret value is lost, a new secret must be created.
Configure octoplant
- Go to the octoplant server OIDC configuration.
- Select your OIDC configuration.
- Set the Azure AD URLs.
- Set the Application (client) ID from the registration step in Client id:.
- Set the Client secret Value (copied above).
- Select the Save button.
- Select the OK button.
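
The page does not list the Azure AD URLs. As an added example (not octoplant's or Microsoft's code), the check below assumes they are the standard Microsoft identity platform v2.0 endpoints published in the tenant's discovery document, and verifies that the document is scoped to a single tenant and advertises the three scopes granted above. The tenant GUID and both sample documents are constructed placeholders.

```python
# Added example: sanity-check an Entra ID discovery document before copying its URLs.
from urllib.parse import urlparse

AUTHORITY_HOST = "login.microsoftonline.com"      # Microsoft public-cloud authority
REQUIRED_SCOPES = {"openid", "email", "profile"}  # delegated permissions granted above
TENANT = "00000000-0000-0000-0000-000000000000"   # constructed placeholder tenant ID


def discovery_url(tenant_id):
    """v2.0 discovery document of a single tenant (fetch it with a browser or curl)."""
    return f"https://{AUTHORITY_HOST}/{tenant_id}/v2.0/.well-known/openid-configuration"


def check_discovery(doc, tenant_id):
    """Return a list of problems; an empty list means the document is consistent."""
    problems = []
    expected_issuer = f"https://{AUTHORITY_HOST}/{tenant_id}/v2.0"
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlparse(doc.get(key) or "")
        if url.scheme != "https" or url.hostname != AUTHORITY_HOST:
            problems.append(f"{key} is not an https URL on {AUTHORITY_HOST}")
        elif not url.path.startswith(f"/{tenant_id}/"):
            # "Accounts in this organization only" means tenant-scoped endpoints,
            # not the shared /common or /organizations ones.
            problems.append(f"{key} is not scoped to tenant {tenant_id}")
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported") or [])
    if missing:
        problems.append(f"scopes not advertised: {sorted(missing)}")
    return problems


# Constructed sample documents (shape of a real v2.0 discovery response, trimmed).
BASE = f"https://{AUTHORITY_HOST}/{TENANT}"
GOOD_DOC = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}
BAD_DOC = dict(GOOD_DOC,
               token_endpoint=f"https://{AUTHORITY_HOST}/common/oauth2/v2.0/token",
               scopes_supported=["openid", "profile"])

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_discovery(doc, TENANT) or "OK")
```

To check a real tenant, save the JSON returned by `discovery_url(<your tenant GUID>)` and pass the parsed document to `check_discovery`.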