Azure Active Directory Single Sign-On (SSO)

Prerequisites

Currently, Manifest only supports Single Sign-on (SSO) using Azure Active Directory. To get started you need the following items:

• An Azure account with an active subscription
• One of the following roles to the client Azure account: Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the service principal.
• The following role to the Manifest application: System administrator

Adding the Manifest application to your Azure AD tenant

1. Sign into the Azure portal 
2. In the Azure portal, search for and select Azure Active Directory.
3. ​Select App registrations

4. Select “+ New Registration”
5. Complete the App registration form:
   • Enter the desired user-facing display name, eg. “Manifest”
   • Choose the scope for application authentication (Most single tenant users will select the first option: Supported Account types – select “Accounts in this organizational directory only”)
   • Redirect URI is (optional) – leave blank
   • Select Register

6. From the App registration screen, under “Owned applications” select the Manifest app you just created
7. Go to the Authentication tab
8. Select + Add a platform

9. On the Configure platforms select Web

10. Enter the redirect URI of the application
    • domain.com/rest/dynamics/token
    • domain.com/rest/dynamics/auth
      IMPT: insert your full Manifest domain URL in place of domain.com eg: https://mysubdomain.taqmanifest.com/rest/dynamics/token​

11. Go to the Certificates & secrets tab
12. Under Client secrets, select “+ New clientsecret” and add a client secret
    • Provide a description and expiration and a client secret will be automatically generated
    • IMPT! Copy the key once created and save this. You will need this to configure your AD in Manifest. Once you leave this screen you will not be able to access this secret value again.

11. Go to the ‘API Permissions’ tab
12. Select “+ Add a permission”. The “Request API permissions” window will fly out.
13. Under Microsoft API’s, select Microsoft Graph. You will be prompted to indicate what type of permissions your application requires.
14. Select Delegated Permissions and search for and then check off the following permissions:
    • User.read
    • Sites.Manage.All
    • Sites.Read.All
    • User.Read

15. Before logging out, be sure to make note of the following information required to configure your Active Directory in Manifest:
    • Application (client) ID: available under App registrations
    • Client Secret: created in step 10
    • Directory (tenant) ID: available on the Overview tab​

Configuring Manifest with your client Azure AD

1. Sign into the Manifest Client Portal
2. Select “Client Settings” and go to the Active Directory Configurations tab
3. Select “+ OAUTH PROVIDER”
4. Enter in the following information gathered in step 15 when adding the Manifest application to your Azure AD tenant:
   • Client ID​
   • Client Secret​
   • Tenant ID​
5. Select Update