2021.10
Configuring SSO: Azure Active Directory

OUT OF SUPPORT
Orchestrator User Guide
Last updated Oct 31, 2024
If you enable the Azure AD integration at the host level, as described on this page, you cannot enable it at the organization/tenant level.
The integration at the host level only enables SSO. If enabled at the organization/tenant level instead, the integration provides SSO as well as directory search and automatic user provisioning.
Note: The steps below are a broad description of a sample configuration. For more detailed instructions, see the Microsoft documentation for configuring Azure AD as an authentication provider.
- Log in to the Azure portal as an administrator.
- Go to App Registrations, and click New Registration.
- In the Register an application page, fill in the Name field with a name for your Orchestrator instance.
- In the Supported account types section, select Accounts in this organizational directory only.
- Set the Redirect URI by selecting Web from the drop-down list and filling in the URL of your Orchestrator instance, plus the suffix /identity/azure-signin-oidc. For example, https://baseURL/identity/azure-signin-oidc.
- At the bottom, select the ID tokens checkbox.
- Click Register to create the app registration for Orchestrator.
- Save the Application (Client) ID to use it later.
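To confirm that a registration matches the steps above, the following added example (not part of the UiPath documentation) audits the registration's JSON. It assumes the Microsoft Graph application shape (`signInAudience`, `web.redirectUris`, `web.implicitGrantSettings`), for instance as returned by `az ad app show`; the function name, base URL and sample registrations are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/identity/azure-signin-oidc"  # redirect suffix from the steps above


def audit_registration(app: dict, base_url: str) -> list:
    """Compare an app registration with the steps above; return findings."""
    findings = []
    expected = base_url.rstrip("/") + SUFFIX
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    grant = web.get("implicitGrantSettings") or {}

    # "Accounts in this organizational directory only" is AzureADMyOrg in Graph.
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not AzureADMyOrg")
    if expected not in uris:
        findings.append("missing redirect URI: " + expected)
    # Any other registered URI is a place tokens can be sent, so report it.
    for uri in uris:
        if uri == expected:
            continue
        if "*" in uri:
            kind = "wildcard"
        elif urlsplit(uri).scheme != "https":
            kind = "non-HTTPS"
        else:
            kind = "extra"
        findings.append(kind + " redirect URI: " + uri)
    if not grant.get("enableIdTokenIssuance"):
        findings.append("ID tokens checkbox is not selected")
    if grant.get("enableAccessTokenIssuance"):
        findings.append("access token issuance is on; the steps select ID tokens only")
    return findings


# Constructed sample registrations (not real tenant data).
BASE_URL = "https://orchestrator.example.com"
GOOD = json.loads("""{"signInAudience": "AzureADMyOrg", "web": {
  "redirectUris": ["https://orchestrator.example.com/identity/azure-signin-oidc"],
  "implicitGrantSettings": {"enableIdTokenIssuance": true,
                            "enableAccessTokenIssuance": false}}}""")
BAD = json.loads("""{"signInAudience": "AzureADMultipleOrgs", "web": {
  "redirectUris": ["http://orchestrator.example.com/identity/azure-signin-oidc"],
  "implicitGrantSettings": {"enableIdTokenIssuance": false,
                            "enableAccessTokenIssuance": true}}}""")

if __name__ == "__main__":
    for name, app in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_registration(app, BASE_URL) or "matches the steps")
```

An empty result means the registration matches the settings chosen in the steps; each finding names the setting to revisit in the Azure portal.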
Now that Orchestrator is integrated with Azure AD Sign-In, user accounts that have a valid Azure AD email address can use the Azure AD SSO option on the Login page to sign in to Orchestrator.
Each administrator must do this for their organization/tenant if they want to allow login with Azure AD SSO.
- Log in to Orchestrator as an administrator.
- Add local user accounts for your users, each with a valid Azure AD email address.