Azure Active Directory


If you plan on allowing users to log in using a Microsoft Azure Active Directory account, either from your company or from external directories, you must register your application through the Microsoft Azure portal. If you don't have a Microsoft Azure account, you can signup for free.

You can access the Azure management portal from your Microsoft service, or visit and sign in to Azure using the global administrator account used to create the Office 365 organization.

If you have an Office 365 account, you can use the account's Azure AD instance instead of creating a new one. To find your Office 365 account's Azure AD instance:

  1. Sign in to Office 365.
  2. Navigate to the Office 365 Admin Center.
  3. Open the Admin centers menu drawer located in the left menu.
  4. Click on Azure AD.

This will bring you to the admin center of the Azure AD instance backing your Office 365 account.

Follow the 6 steps below to connect your Perimeter 81 Account to Azure Active Directory (screenshots below):

  1. Create a new application
  2. Configure the permissions
  3. Allowing access from external organizations (optional)
  4. Create the key
  5. Configure Reply URLs
  6. Configure Perimeter 81 IDP connection

1. Create a new application

Login to Microsoft Azure and choose Azure Active Directory from the sidebar.




Then under Manage, select App registrations. 


Then click on the New Registration button to add a new application.


Enter the name "Perimeter 81" for the application, select Web app/API as the Application Type, and for Sign-on URL enter your application URL with your workspace name:



2. Configure the permissions

Once the application has been created, you will have to configure the permissions. Click on the name of the application Perimeter 81 to open the Settings section.


Click API permissions.


Click Add a permission. 


Click APIs my organization uses and choose Windows Azure Active Directory to change access level.


The following window will open:



The next step is to modify permissions so your app can read the directory. Under Delegated permissions check next to Sign in and read user profile and Read directory data.



Support user groups

If you want to enable user group support you will  need to enable the following permissions: Application Permissions: Read directory data;
Delegated Permissions: Access the directory as the signed-in user.

Click the save button at the top to save these changes.

3. Allowing access from external organizations (optional)

If you want to allow users from external organizations (such as other Azure directories) to log in, you will need to enable the Multi-Tenant option for this application. In the Authentication section, choose the Multi-tenant option.

Click the save button at the top to save these changes.


4. Configure the Key

Next, you will need to create a key (secret password) which will be used as the Client Secret in the Perimeter 81 idp connection. Click Certificates and secrets from the Application menu.



Enter a name for the key and choose the desired duration.

Please note

If you choose an expiring key, make sure to record the expiration date in your calendar, as you will need to renew the key (get a new one) before that day in order to ensure users don't experience a service interruption.

Click Add and the key will be displayed. Make sure to copy the value of this key before leaving this screen, otherwise you may need to create a new key. This value is used as the Client Secret in the next step.



5. Configure Reply URLs

Next you need to ensure that your Auth0 callback URL is listed in allowed reply URLs for the created application. Navigate to Azure Active Directory -> Apps registrations and select Perimeter 81 app. Then click Authentication and go to Redirect URLs and add the following link:

Click save.


6. Configure Perimeter 81 IDP connection

On Security Settings-> Security click + Add Provider



Choose Microsoft Azure AD


Fill in Microsoft Azure AD Domain, Domain Aliases (optional), Client ID and Client Secret.


For the Client ID, this value is stored as the Application ID in Azure AD.



For the Client Secret use the value that was shown for the key when you created it in the previous step.

Under Domain set the name of the Microsoft Azure AD Domain and under Domain Aliases insert any email domain that corresponds to the connection.

Click Done.

7. You are Good to Go!

If your users are getting access error after the configuration, please check these steps.

0 out of 0 found this helpful



Please sign in to leave a comment.