These instructions detail how to create a new app registration in an Azure Active Directory tenant so that BankPoint users can authenticate using Single Sign-On.
To perform these steps you will need an Azure Active Directory tenant as well as Owner/Contributor rights to Active Directory.
- Log into your Azure portal and go to the Azure Active Directory blade
- Click App registrations on the left
- Click New registration and complete the form as shown below
- Select single tenant option to ensure that only people from your Azure AD tenant can be authenticated
- Set the redirect URI to:
- Press the Register button to save. Once completed you will be taken to the App registration detail blade
- In the upper right click the link for Redirect URIs to add one more URI
- Click on the 'Add URI' link in the Web section, and add the following URI: https://bankpointio.auth0.com/authorize
- Press the Save button in the upper left
- Click the Overview button in the left nav panel
- Press the 'View API permissions' button in the Call APIs section to add the required OpenID Connect permissions
- The App registration will default to User.Read and we'll need to add email, profile, and openid. To do this:
  - Click the Add a permission link
  - Select Microsoft Graph
  - Select Delegated permissions
  - Select the email, openid, and profile permissions and then press the Add permissions button
- You should then see the following permissions setup for your App registration
- Click the Grant admin consent for BankPoint link to streamline the initial login experience for your users. This will take you back to the Overview blade.
- Click the Endpoints link at the top
- Copy the first two links as shown above to send to BankPoint Support.
- Back on the Overview blade, click the Certificates and secrets link in the left nav
- Click the new client secret link
- Enter a description (e.g. BankPoint client secret)
- Select Never for the Expires option
- Press the Add button
- You'll see a new entry in the Client secrets section. Click the copy button to copy the newly created secret value to your clipboard and save it to send to BankPoint Support
- Click the Overview button once again to return to the Overview blade
- Copy the Application (client) ID value from the top section to send to BankPoint Support
Now, securely send the following information which you collected along the way to BankPoint Support (firstname.lastname@example.org).
- Application (client) ID
- Client secret
- OAuth 2.0 authorization endpoint (v2)
- OAuth 2.0 token endpoint (v2)
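Before sending the values to support it is worth checking that what was copied is what the steps above call for: a GUID-shaped Application (client) ID, the secret's Value rather than its Secret ID, tenant-specific v2 endpoints (a single-tenant registration should not hand over the `common` endpoints), the Auth0 redirect URI from the steps above, and the four delegated permissions. The following pre-flight check is an added example, not part of the BankPoint instructions or of any BankPoint or Microsoft tooling; the sample GUIDs and secret are constructed placeholders, and the dictionary keys (`client_id`, `redirect_uris`, `delegated_permissions`, ...) are names chosen here for illustration.

```python
"""Pre-flight check for the values collected from an Azure AD app registration.

Added example (not BankPoint's own code). It validates the shape of the collected
values offline; it does not contact Azure AD.
"""
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
AAD_HOST = "login.microsoftonline.com"
# Redirect URI and delegated permissions named in the registration steps.
REQUIRED_REDIRECT = "https://bankpointio.auth0.com/authorize"
REQUIRED_SCOPES = {"openid", "email", "profile", "User.Read"}


def tenant_from_endpoint(url, last_segment):
    """Return the tenant segment of a v2 endpoint URL, or None if the URL is not
    an https login.microsoftonline.com/<tenant>/oauth2/v2.0/<last_segment> URL."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname != AAD_HOST:
        return None
    parts = parsed.path.strip("/").split("/")
    if len(parts) != 4 or parts[1:] != ["oauth2", "v2.0", last_segment]:
        return None
    return parts[0]


def check_registration(info):
    """Return a list of problems; an empty list means the values are ready to send."""
    problems = []
    if not GUID_RE.match(info.get("client_id", "")):
        problems.append("client_id is not a GUID; copy the 'Application (client) ID' value")
    secret = info.get("client_secret", "")
    if not secret:
        problems.append("client_secret is empty")
    elif GUID_RE.match(secret):
        # The Client secrets table shows both a Value and a Secret ID column;
        # a GUID here almost always means the Secret ID was copied by mistake.
        problems.append("client_secret looks like the 'Secret ID' column; copy the 'Value' column instead")
    auth_tenant = tenant_from_endpoint(info.get("authorization_endpoint", ""), "authorize")
    token_tenant = tenant_from_endpoint(info.get("token_endpoint", ""), "token")
    if auth_tenant is None:
        problems.append("authorization_endpoint is not the v2 authorize endpoint")
    if token_tenant is None:
        problems.append("token_endpoint is not the v2 token endpoint")
    if auth_tenant and token_tenant:
        if auth_tenant != token_tenant:
            problems.append("authorization and token endpoints belong to different tenants")
        elif not GUID_RE.match(auth_tenant):
            # 'common' / 'organizations' endpoints accept any tenant; the single-tenant
            # registration in the steps above should use the tenant-specific ones.
            problems.append(f"endpoints use '{auth_tenant}' instead of your tenant ID")
    if REQUIRED_REDIRECT not in info.get("redirect_uris", []):
        problems.append(f"redirect URI {REQUIRED_REDIRECT} is missing")
    missing = REQUIRED_SCOPES - set(info.get("delegated_permissions", []))
    if missing:
        problems.append("missing delegated permissions: " + ", ".join(sorted(missing)))
    return problems


# Constructed sample values; the GUIDs and secret are placeholders, not real identifiers.
TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
GOOD = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "placeholder-secret-value~not.a.real.secret",
    "authorization_endpoint": f"https://{AAD_HOST}/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://{AAD_HOST}/{TENANT}/oauth2/v2.0/token",
    "redirect_uris": [REQUIRED_REDIRECT],
    "delegated_permissions": ["User.Read", "email", "openid", "profile"],
}
BAD = {
    "client_id": "BankPoint SSO",
    "client_secret": "22222222-3333-4444-5555-666666666666",
    "authorization_endpoint": f"https://{AAD_HOST}/common/oauth2/v2.0/authorize",
    "token_endpoint": f"https://{AAD_HOST}/common/oauth2/v2.0/token",
    "redirect_uris": [],
    "delegated_permissions": ["User.Read"],
}

if __name__ == "__main__":
    for name, info in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_registration(info) or "ready to send")
```

Run it against the values you copied before e-mailing them; every reported problem maps to one of the steps above, so the fix is to go back to that blade and copy the right value.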