How to Set Up SSO With Azure AD – OpenID Connect

Setup Guide

There are two ways to set up the Azure AD OpenID Connect application in your Azure tenant. You can either complete a consent flow or add the IntegrityCounts app manually from the Gallery.

Creating the SSO App by completing a consent flow

  1. Open the IntegrityCounts onboarding URL to initiate the setup: https://app.integritycounts.ca/
  2. Click "Sign Up"
  3. Enter your Global Administrator credentials for Azure AD. An administrator account is required because the app requests an application-level directory permission, which can only be granted by tenant-wide admin consent.
  4. Press "Accept" in the consent dialogue.
  5. The IntegrityCounts app can now be found in your Azure AD under Enterprise applications.
  6. Congratulations! You have now completed the setup on your side.

Adding the IntegrityCounts App manually from the Gallery

  1. Log in to https://portal.azure.com/
  2. Navigate to Azure Active Directory -> Enterprise Applications
  3. Click "New Application"
  4. In the Gallery, search for IntegrityCounts OpenID Connect
  5. Add the suggested app to your directory by clicking Sign up for IntegrityCounts OpenID Connect
  6. You will then be redirected to https://app.integritycounts.ca/ to complete the setup, including the same admin consent step as above.

Permissions Granted to Our Azure AD Enterprise Application

Originally we used the Azure AD Graph APIs to read users, group names and apps from Azure AD. Microsoft has since moved away from Azure AD Graph and introduced a replacement set of APIs under the name Microsoft Graph. The old (Azure AD Graph) APIs are deprecated, and Microsoft plans to stop supporting them by June 30th, 2022.

With that in mind, we have added the same permission set we have always required, this time coming from Microsoft Graph. When consenting to the application, you will therefore be prompted to approve the same two permissions listed twice: one set from Azure AD Graph and the other from Microsoft Graph. No new permission is being requested, only the same ones against the new API.

What are those permissions?

Read directory data (Application level; permission value Directory.Read.All)
Allows the app to read data in your company or school directory, such as users, groups, and apps. Because this is an application permission, it applies to the whole tenant regardless of which user is signed in, which is why it requires admin consent.

Sign in and read user profile (Delegated level; permission value User.Read)
Allows users to sign in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. This permission is exercised only on behalf of the user who is signed in.
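After completing either setup procedure above, it is worth confirming that the enterprise application holds exactly the permissions described in this section and nothing more. The following is an added example, not code from IntegrityCounts or Microsoft: it audits the JSON that Microsoft Graph returns for the app's service principal (its appRoleAssignments for application permissions and its oauth2PermissionGrants for delegated permissions) against the two documented permissions, and reports the expected Azure AD Graph duplicates separately from anything genuinely unexpected. The two resource appIds are the real well-known values for Microsoft Graph and Azure AD Graph; all object ids, appRole ids and the sample grants are constructed placeholders so the script runs offline.

```python
"""Offline audit of the permissions an Azure AD enterprise application holds.

Input shape mirrors what Microsoft Graph returns for the app's service principal:
  GET /servicePrincipals/{id}/appRoleAssignments      -> application permissions
  GET /servicePrincipals/{id}/oauth2PermissionGrants  -> delegated permissions
plus the resource service principals needed to resolve appRoleId -> name.
"""

MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"   # Microsoft Graph (well-known appId)
AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"  # Azure AD Graph, deprecated (well-known appId)

# The two permissions documented by the guide: (resource appId, permission value, kind)
EXPECTED = frozenset({
    (MS_GRAPH_APP_ID, "Directory.Read.All", "application"),
    (MS_GRAPH_APP_ID, "User.Read", "delegated"),
})

# --- constructed sample data; ids below are placeholders, not real tenant objects ---
MSGRAPH_SP_ID = "11111111-aaaa-4bbb-8ccc-000000000001"   # constructed object id
AADGRAPH_SP_ID = "11111111-aaaa-4bbb-8ccc-000000000002"  # constructed object id
SAMPLE_RESOURCES = [
    {"id": MSGRAPH_SP_ID, "appId": MS_GRAPH_APP_ID, "displayName": "Microsoft Graph",
     "appRoles": [{"id": "22222222-aaaa-4bbb-8ccc-000000000001", "value": "Directory.Read.All"}]},
    {"id": AADGRAPH_SP_ID, "appId": AAD_GRAPH_APP_ID, "displayName": "Windows Azure Active Directory",
     "appRoles": [{"id": "22222222-aaaa-4bbb-8ccc-000000000002", "value": "Directory.Read.All"}]},
]
SAMPLE_APP_ROLE_ASSIGNMENTS = [
    {"resourceId": MSGRAPH_SP_ID, "appRoleId": "22222222-aaaa-4bbb-8ccc-000000000001"},
    {"resourceId": AADGRAPH_SP_ID, "appRoleId": "22222222-aaaa-4bbb-8ccc-000000000002"},
]
SAMPLE_OAUTH2_GRANTS = [
    {"resourceId": MSGRAPH_SP_ID, "consentType": "AllPrincipals", "scope": "User.Read"},
    {"resourceId": AADGRAPH_SP_ID, "consentType": "AllPrincipals", "scope": "User.Read"},
]


def normalize_grants(resources, app_role_assignments, oauth2_grants):
    """Return (granted, per_user): sets of (resource appId, permission, kind).

    per_user holds delegated scopes granted by a single user's consent
    (consentType != "AllPrincipals") rather than by tenant-wide admin consent.
    """
    sp_by_id = {sp["id"]: sp for sp in resources}
    granted, per_user = set(), set()
    for assignment in app_role_assignments:
        sp = sp_by_id[assignment["resourceId"]]
        role_names = {r["id"]: r["value"] for r in sp.get("appRoles", [])}
        # Fall back to the raw id if the resource does not expose that role
        name = role_names.get(assignment["appRoleId"], assignment["appRoleId"])
        granted.add((sp["appId"], name, "application"))
    for grant in oauth2_grants:
        sp = sp_by_id[grant["resourceId"]]
        for scope in grant.get("scope", "").split():  # scope is a space-separated string
            entry = (sp["appId"], scope, "delegated")
            granted.add(entry)
            if grant.get("consentType") != "AllPrincipals":
                per_user.add(entry)
    return granted, per_user


def audit(resources, app_role_assignments, oauth2_grants, expected=EXPECTED):
    """Compare granted permissions with the documented set.

    Azure AD Graph grants are reported under legacy_aad_graph because the guide
    says to expect them alongside the Microsoft Graph set; anything else that
    is not documented lands in unexpected.
    """
    granted, per_user = normalize_grants(resources, app_role_assignments, oauth2_grants)
    legacy = {g for g in granted if g[0] == AAD_GRAPH_APP_ID}
    return {
        "missing": set(expected) - granted,
        "unexpected": granted - set(expected) - legacy,
        "legacy_aad_graph": legacy,
        "per_user_consent": per_user,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RESOURCES, SAMPLE_APP_ROLE_ASSIGNMENTS, SAMPLE_OAUTH2_GRANTS)
    for bucket, entries in report.items():
        print(f"{bucket}:")
        for app_id, permission, kind in sorted(entries):
            print(f"  {kind:12} {permission:20} on {app_id}")
```

Anything in "unexpected" means the app was granted a permission this guide does not describe and should be reviewed before users sign in; entries in "per_user_consent" indicate a delegated scope that a single user consented to rather than the tenant-wide admin consent the setup flow is meant to produce. Once Microsoft retires Azure AD Graph, the "legacy_aad_graph" bucket is also a candidate for removal.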