Azure AD Connector - AD Configuration

This page describes the configuration needed on the AD side to allow users to log in using Azure AD.

The Azure AD Connector provides Single Sign On access for your users on Tradecloud.

Only the users you allow (using an AD conditional access policy) are synced to Tradecloud.

A new Active Directory user is automatically created in your Tradecloud company.

The Azure AD Connector is an add-on. Contact [email protected] for info.

Configure Azure AD for authentication

To allow users to log in using an Azure AD account, you must register Tradecloud as an application in the Microsoft Azure portal.

To register your app with Azure AD, see Microsoft's Quickstart: Register an application with the Microsoft identity platform.

During registration, configure the following settings:

| Option | Setting |
| --- | --- |
| Supported account types | To allow users from external organizations (like other Azure AD directories) choose the appropriate multitenant option. Multitenant options include the following: Accounts in any organizational directory (Any Azure AD directory - Multitenant). |
| Redirect URI | Enter your callback URL: https://portal.tradecloud1.com/auth0-callback |

During this process, Microsoft generates an Application (client) ID for the application; you can find this on the app's Overview screen. Make note of this value.

Create a client secret

To create a client secret, see Microsoft's Quickstart: Configure a client application to access web APIs - Add Credentials to your web application.

Once generated, make note of this value.

If you configure an expiring secret, make sure to record the expiration date; you will need to renew the key before that day to avoid a service interruption. We recommend you choose "never expires".

Add permissions

To add permissions, see Microsoft's Quickstart: Configure a client application to access web APIs - Add permissions to access web APIs.

You will need to configure permissions for the Microsoft Graph API.

While setting up your permissions, configure the following settings:

| Permission Section | Permission/Field |
| --- | --- |
| Delegated permissions | Users > User.Read |
| Delegated permissions | Directory > Directory.Read.All |

Send credentials to Tradecloud

Send the client ID and client secret to Tradecloud using a secure email or a secure link so that one of the engineers can configure SSO for you.
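The registration settings and the secret expiry described above can be checked from the application object itself. The following is an added example, not Tradecloud's or Microsoft's code: it assumes the input is the JSON returned by `az ad app show --id <client-id>`, and the sample data, function names and 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

EXPECTED_REDIRECT = "https://portal.tradecloud1.com/auth0-callback"  # from this page
MULTITENANT = "AzureADMultipleOrgs"  # "Accounts in any organizational directory"

def parse_ts(value):
    """Parse a Graph ISO 8601 timestamp such as 2025-03-15T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_app(app, now, warn_days=30, external_users=False):
    """Return a list of findings for one application object (a dict)."""
    findings = []
    uris = (app.get("web") or {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("redirect URI missing: " + EXPECTED_REDIRECT)
    for uri in uris:
        if uri != EXPECTED_REDIRECT:
            findings.append("extra redirect URI, review: " + uri)
    if external_users and app.get("signInAudience") != MULTITENANT:
        findings.append("signInAudience is not multitenant")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret configured")
    for cred in secrets:
        end = parse_ts(cred["endDateTime"])
        name = cred.get("displayName") or cred.get("keyId")
        if end <= now:
            findings.append(f"secret '{name}' expired on {end.date()}")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret '{name}' expires in {(end - now).days} days")
    return findings

# Constructed sample, not a real registration.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://portal.tradecloud1.com/auth0-callback",
                           "http://localhost:3000/callback"]},
  "passwordCredentials": [
    {"displayName": "tradecloud-sso", "endDateTime": "2025-03-15T00:00:00Z"},
    {"displayName": "old-secret", "endDateTime": "2024-12-01T00:00:00Z"}
  ]
}""")
SAMPLE_NOW = parse_ts("2025-03-01T00:00:00Z")  # fixed clock for a repeatable result

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, SAMPLE_NOW, external_users=True):
        print(finding)
```

Running it on a schedule with the current time in place of `SAMPLE_NOW` gives advance notice of an expiring secret before sign-in to Tradecloud is interrupted.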