To use single sign-on with Azure Active Directory (AAD), an AAD App must be registered for Coins ERP+ to interact with.
In the Azure Portal, navigate to App Registrations in Azure Active Directory.
Create a New Registration.
If you are using the Code Grant method of authentication, the App needs the User.Read permission to be granted. This is the default.
The other permissions will be added by the Admin Consent process.
Select Manifest.
Change the following two properties to true, then save:
"oauth2AllowImplicitFlow": true,
"oauth2AllowIdTokenImplicitFlow": true,
Select Branding.
Enter the Home page URL; this will probably be the URL for wologin.p followed by ?type=token&idp=aad.
Upload a logo for the app if required.
Select Authentication.
If users from different domains need to be allowed to use the app, set Multi tenanted to Yes. If you only have a single domain this is not needed.
Set two redirect URIs, one for wologin.p and one for wo2coins.p (for responsive design), and save.
If you are going to use AAD login:
Select Certificates & Secrets.
Create a client secret for the application.
Copy the value (you will not be able to retrieve it after you close the frame) and save it to the AAD_SECRET parameter. This allows Coins ERP+ to authenticate with the application. AAD login will ONLY work if the user is able to authenticate with AAD without two-factor authentication.
Select Overview.
Copy the Application (client) ID and save it to the AAD_CLIENT_ID parameter.
After the App is created in AAD, it can take some time (possibly a few hours) before it appears in a user's list of Apps.
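A check for the saved registration, as an added example (not part of the Coins documentation): it reads the manifest JSON downloaded from the Manifest page and reports where it differs from the steps above. It assumes the Azure AD manifest keys signInUrl (Home page URL), replyUrlsWithType (redirect URIs) and signInAudience (tenancy); the host coins.example.com, the appId and the sample manifest are constructed placeholders.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample manifest with two deliberate gaps; host and appId are placeholders.
SAMPLE_MANIFEST = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000000",
    "oauth2AllowImplicitFlow": True,
    "oauth2AllowIdTokenImplicitFlow": False,
    "signInUrl": "https://coins.example.com/wologin.p?type=token&idp=aad",
    "signInAudience": "AzureADMyOrg",
    "replyUrlsWithType": [
        {"url": "https://coins.example.com/wologin.p", "type": "Web"},
    ],
})

def check_manifest(text, multi_tenant=False):
    """Return a list of findings; an empty list means the manifest matches the steps."""
    m = json.loads(text)
    findings = []
    # Manifest step: both implicit-flow properties must be true.
    for flag in ("oauth2AllowImplicitFlow", "oauth2AllowIdTokenImplicitFlow"):
        if m.get(flag) is not True:
            findings.append(f"{flag} is not true")
    # Branding step: home page is wologin.p followed by ?type=token&idp=aad.
    home = urlsplit(m.get("signInUrl") or "")
    query = parse_qs(home.query)
    if not home.path.endswith("/wologin.p"):
        findings.append("home page URL does not point at wologin.p")
    if query.get("type") != ["token"] or query.get("idp") != ["aad"]:
        findings.append("home page URL lacks ?type=token&idp=aad")
    # Authentication step: one redirect URI each for wologin.p and wo2coins.p.
    redirects = [urlsplit(r.get("url", "")) for r in m.get("replyUrlsWithType") or []]
    for page in ("wologin.p", "wo2coins.p"):
        if not any(u.path.endswith("/" + page) for u in redirects):
            findings.append(f"no redirect URI for {page}")
    # Extra check, not from the page: tokens should only be returned over https.
    for u in redirects:
        if u.scheme != "https":
            findings.append(f"redirect URI {u.geturl()} is not https")
    # Tenancy should match the Multi tenanted choice made for this deployment.
    aud = m.get("signInAudience")
    if aud is not None and (aud != "AzureADMyOrg") != multi_tenant:
        findings.append(f"signInAudience {aud} does not match multi_tenant={multi_tenant}")
    return findings

if __name__ == "__main__":
    for finding in check_manifest(SAMPLE_MANIFEST):
        print("MISMATCH:", finding)
```

Pass multi_tenant=True when users from different domains are meant to use the app.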








