Azure AD Self Serve SSO Steps - OIDC

Open the ORG:your-org menu on the top and go to Organization Details.

Select the Authentication tab.

Use the Add Identity Provider list on the right and select OpenID Connect 1.0 identity provider connection.

Add a Connection Name, for example, Azure-OIDC.

In the Azure AD tenant, select App registrations in the left pane.

Select  +New registration on the top left.

For * Name use SingleStore.

Select which accounts can access the API, typically this is Accounts in this organizational directory only (the default).

Under Redirect URI (optional):

• Select a platform: Web

• For the URL, from the SingleStore Helios Portal, copy Login Redirect URLs to Login Redirect URLs.

Set up the issuer for Azure AD, under (2) Client Details / Client ID copy Application (client) ID from under Register in the Azure AD portal.

Fill in the Client Details /Issuer by manually joining together the following three substrings into a single string:

• https://login.microsoftonline.com/

• The directory (tenant) ID, a uuid.

• /v2.0.

Adjust the Scopes under Connection Settings. The desired scopes are: "openid", "email" and "profile".  Adjust scopes to match these.

Add your domain , verify it and select Activate.

A client secret is required. These client secrets always expire.

On the main page, under Client credentials, select Add a certificate or secret.

Select +New client secret to add a new secret.

Fill in the description and set an expiration date. Note, that authorization will break on that date.

On the main Authentication screen, select Update Connection in the Actions column and copy the secret from the Azure AD portal.

Select Save to confirm the changes.