The Azure AD Connector provides single sign-on (SSO) access to Tradecloud for your users.
Only the users you allow (using an AD conditional access policy) are synced to Tradecloud.
A new Active Directory user is automatically created in your Tradecloud company.
To allow users to log in using an Azure AD account, you must register Tradecloud as an application in the Microsoft Azure portal.
To register your app with Azure AD, see Microsoft's Quickstart: Register an application with the Microsoft identity platform.
During registration, configure the following settings:
Supported account types
To allow users from external organizations (like other Azure AD directories) choose the appropriate multitenant option. Multitenant options include the following: Accounts in any organizational directory (Any Azure AD directory - Multitenant).
Enter your callback URL: https://portal.tradecloud1.com/auth0-callback
During this process, Microsoft generates an Application (client) ID for the application; you can find this on the app's Overview screen. Make note of this value.
To create a client secret, see Microsoft's Quickstart: Configure a client application to access web APIs - Add Credentials to your web application.
Once generated, make note of this value.
If you configure an expiring secret, make sure to record the expiration date; you will need to renew the secret before that day to avoid a service interruption. We recommend you choose "never expires".
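One way to track the expiration date of an expiring secret is to check the app registration's `passwordCredentials` list (the property Microsoft Graph exposes on an application object, each entry carrying an `endDateTime`). The script below is an added example, not Tradecloud's or Microsoft's code; the sample entries, display names and the 30-day warning window are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: the passwordCredentials array of an app registration,
# in the shape Microsoft Graph returns it (keyId and names are made up).
SAMPLE = json.loads("""
[
  {"keyId": "00000000-0000-0000-0000-000000000001",
   "displayName": "tradecloud-sso-2023", "endDateTime": "2024-01-15T00:00:00Z"},
  {"keyId": "00000000-0000-0000-0000-000000000002",
   "displayName": "tradecloud-sso-2024", "endDateTime": "2024-07-01T09:30:00.1234567Z"},
  {"keyId": "00000000-0000-0000-0000-000000000003",
   "displayName": "tradecloud-sso-2025", "endDateTime": "2025-06-01T00:00:00Z"}
]
""")


def parse_graph_time(value):
    """Parse a UTC timestamp; fractional seconds (up to 7 digits) are dropped."""
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def secret_status(credentials, now, warn_days=30):
    """Return (displayName, status, days_left) per secret, soonest expiry first."""
    report = []
    for cred in credentials:
        end = cred.get("endDateTime")
        if not end:  # entry without an end date: flag it instead of guessing
            report.append((cred.get("displayName"), "unknown", None))
            continue
        left = parse_graph_time(end) - now
        if left <= timedelta(0):
            status = "expired"
        elif left <= timedelta(days=warn_days):
            status = "renew"
        else:
            status = "ok"
        report.append((cred.get("displayName"), status, left.days))
    return sorted(report, key=lambda r: (r[2] is None, r[2] or 0))


if __name__ == "__main__":
    now = datetime(2024, 6, 10, tzinfo=timezone.utc)  # fixed date for the sample
    for name, status, days in secret_status(SAMPLE, now):
        print(f"{name}: {status} ({days} days left)")
```

Run it on a schedule with `now` set to `datetime.now(timezone.utc)` so that a "renew" result arrives while there is still time to send Tradecloud the new secret.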
To add permissions, see Microsoft's Quickstart: Configure a client application to access web APIs - Add permissions to access web APIs.
You will need to configure permissions for the Microsoft Graph API.
While setting up your permissions, configure the following settings:
Users > User.Read
Directory > Directory.Read.All
Send the client ID and client secret to Tradecloud using a secure email or a secure link so that one of the engineers can configure SSO for you.