How to Set Up the OpenID Configuration with Microsoft Azure

This article shows steps on how to set up the OpenID integration that allows users to log in with Microsoft Azure AD.

Before creating this configuration, please:

1. Make sure that you have an account created for Microsoft Azure AD and login https://login.microsoftonline.com/
2. Go to the https://aad.portal.azure.com/

Create the new OpenID configuration #

When you log in to the YTM application, navigate to the following:

1. System page.
2. Choose the Integrations option.

When the page opens, go to the:

1. OpenID settings tab.
2. Click the Add new OpenID configuration button to create a new configuration.

The pop-up window will appear.

How to fill in the mandatory fields #

1. 1. Name – Enter the name you choose for the configuration.
   2. Configuration URL – Go to the https://aad.portal.azure.com/ and create the new registration following the steps from the picture below: Give the name to the new registration and confirm it with the Register button below (as in the picture below): Now, when the registration is created, navigate to the Endpoints to copy the OpenID Connect metadata document (as in the picture below): Paste the URL into the Configuration URL field in the YTM application.
   3. Client ID – Copy the data from the Application (client) ID field (as in the picture below): And paste it to the Client ID field in the YTM application.
   4. Client secret – To create it, follow the steps from these pictures below: Once the Client secret is created, copy the Value: And paste it to the Client secret field in the YTM application.
   5. Scope – We already have predefined scope values in the YTM application:   Which we need to confirm in Microsoft Azure (as in the picture below):

After you add permissions, it should be displayed as below: Now, you need to set Token configuration in Microsoft Azure and choose the Optional claims and Groups claim.

Optional claims: To add Optional claims, follow the instructions from the picture below: And choose the next claims: Groups claim: Set the Groups claim by following the steps from the image below: Once you have set all claims, you can continue filling in the mandatory fields in the YTM application.

1.  Username attribute – Copy and paste this value: id_token.preferred_username
2. Email attribute – Copy and paste this value: user_info.email
3. Callback URL –  The data that we integrate into Microsoft Azure by following these steps: And paste the Callback URL from the YTM application into the Microsoft Azure application:
4. Role code attribute: There is a predefined code – ‘ATT’ which shouldn’t be changed. With that setting, all users that sign in using Open ID will get a Student role.
   If you wish to modify the role mapping yourself, you can utilize the role code from the relevant role in the Roles and permissions tab to create a new OpenID configuration or update the existing one. Alternatively, if you require a different role mapping, please provide us with additional information regarding the desired mapping and the properties on which it should be based. We will then offer guidance on how to set it up.

After adding all the mandatory fields, click the Save button to save the configuration.

Student’s perspective #

Students can choose to sign in with the newly created OpenID:

These are the first-time login steps:

Once the student has passed the validation steps, he will be directed to the YTM application.

NOTE: Please contact our support team at support@youtestme.com if you have trouble configuring your OpenID configuration.

For more related instructional materials, please visit:

• How to set up SSO configuration

• How to register in the application