Azure Active Directory (AD)

Follow the steps below to set up SSO using Azure AD.

Create an application

The first step is to create an application from within Azure AD.

  1. Click on "App registrations"
  2. Click "New registration"
  3. Enter a name for the registration, for example "DataGuard CPM"
  4. Select an appropriate account type for your organisation
  5. Under the "Redirect URI" section select "Web" from the dropdown
  6. In the text box also under "Redirect URI" enter one of the following URLs:
    1. If you are integrating with a testing DataGuard CPM tenant then use this URL:
      https://test-consentric.eu.auth0.com/login/callback
    2. If you are integrating with a sandbox DataGuard CPM tenant then use this URL:
      https://sandbox-consentric.eu.auth0.com/login/callback
    3. If you are integrating with a production DataGuard CPM tenant in the UK then use this URL:
      https://consentric.eu.auth0.com/login/callback
    4. If you are integrating with a production DataGuard CPM tenant in the EU then use this URL:
      https://dgconsentde.eu.auth0.com/login/callback
  7. Click "Register"

Next, create a secret key for the application:

  1. Click on "Certificates & secrets"
  2. Click on "Client secrets"
  3. Click on "New client secret"
  4. Enter a name for the secret, for example "DataGuard CPM SSO"
  5. Select an expiration time. Note that you will need to send us a new secret when the old one expires.
  6. Click on "Add"

After creating the App Registration and secret, send the following information to your customer success manager at DataGuard and we will set up the SSO for you:

  • The application client ID
  • The client secret
  • Your Azure AD domain

While we are setting up the SSO, you can set up the groups and users so that everything is ready to go when the SSO is set up. This is explained below.

Create groups

The Azure AD application takes care of authenticating users, but the users won't be authorised to do anything after signing in. To authorise users to use the DataGuard CPM admin UI, you have to create some groups and assign users to them.

There are two groups that permit users to do different things in the UI:

  • DG_Permissions_Agent: Allows the user to see information about any citizen stored in the CPM instance.
  • DG_Permissions_Admin: Allows the user to configure the CPM instance.

You should create both of these groups in Azure AD, and add any users to these groups if they require access to the DataGuard CPM instance.
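
A pre-flight check for the steps on this page, as an added example that is not DataGuard's own tooling: it audits the redirect URI, the client secret expiry and the two groups before you send the details over. It assumes the registration has been exported as a Microsoft Graph application object (for instance the JSON printed by `az ad app show`); the environment labels, the function name and the sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Redirect URIs from the steps above; the environment labels are hypothetical.
REDIRECT_URIS = {
    "testing": "https://test-consentric.eu.auth0.com/login/callback",
    "sandbox": "https://sandbox-consentric.eu.auth0.com/login/callback",
    "production-uk": "https://consentric.eu.auth0.com/login/callback",
    "production-eu": "https://dgconsentde.eu.auth0.com/login/callback",
}
REQUIRED_GROUPS = {"DG_Permissions_Agent", "DG_Permissions_Admin"}

def audit_registration(app, group_names, environment, now, warn_days=30):
    """Return a list of findings; an empty list means the setup matches the guide."""
    findings = []
    expected = REDIRECT_URIS[environment]
    uris = app.get("web", {}).get("redirectUris", [])
    if expected not in uris:
        findings.append(f"missing redirect URI for {environment}: {expected}")
    # Any other URI is a place the authorization response could be sent.
    for uri in uris:
        if uri != expected:
            findings.append(f"unexpected redirect URI: {uri}")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for cred in secrets:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        label = cred.get("displayName") or cred.get("keyId", "<unnamed>")
        if end <= now:
            findings.append(f"client secret '{label}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{label}' expires in {(end - now).days} days")
    for missing in sorted(REQUIRED_GROUPS - set(group_names)):
        findings.append(f"group not found: {missing}")
    return findings

# Constructed sample, shaped like a Microsoft Graph application object.
SAMPLE_APP = {
    "displayName": "DataGuard CPM",
    "web": {"redirectUris": ["https://sandbox-consentric.eu.auth0.com/login/callback",
                             "http://localhost:3000/callback"]},
    "passwordCredentials": [{"displayName": "DataGuard CPM SSO",
                             "endDateTime": "2025-07-01T00:00:00Z"}],
}
SAMPLE_NOW = datetime(2025, 6, 20, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("\n".join(audit_registration(
        SAMPLE_APP, ["DG_Permissions_Agent"], "sandbox", SAMPLE_NOW)))
```

Run against the constructed sample, it reports the stray localhost redirect URI, the secret that expires in 11 days and the missing DG_Permissions_Admin group.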