
Configuring AzureAD with OpenID

Azure AD is one of the available IDPs to use with Single Sign-On (SSO) in your Hosted~FTP~ account, allowing you to authenticate securely from any device with your SSO credential. This feature is available on our Enterprise T2+ and above accounts.

Redirect URIs

Required redirect URIs to register in your Azure portal (see step 14 below):

| Server location | Sign-in redirect URI |
| --- | --- |
| Virginia US1 | https://us1.hostedftp.com/openidconnect (already added in step 11) |
| Virginia US2 | https://us2.hostedftp.com/openidconnect |
| California | https://us3.hostedftp.com/openidconnect |
| Oregon | https://us4.hostedftp.com/openidconnect |
| Ireland | https://ie1.hostedftp.com/openidconnect |
| Frankfurt | https://de1.hostedftp.com/openidconnect |
| Australia | https://au1.hostedftp.com/openidconnect |
| Korea | https://kr1.hostedftp.com/openidconnect |
| Japan | https://jp1.hostedftp.com/openidconnect |
| India | https://in1.hostedftp.com/openidconnect |

How to set up Azure AD

Please follow the steps below in your Azure portal.

| Step | Instructions |
| --- | --- |
| 1 | Sign in to the Azure portal |
| 2 | Navigate to the Azure Active Directory that contains the users that will be accessing the FTP server |
| 3 | Click on “App registration” |
| 4 | Click on “New registration” |
| 5 | Enter Name: “HostedFTP Webapp” |
| 6 | Select Supported account type “Accounts in this organizational directory only (Default Directory only – Single tenant)” |
| 7 | Click “Register” |
| 8 | Click “Add a Redirect URI” |
| 9 | Click “Add a platform” |
| 10 | Click “Web” |
| 11 | Enter Redirect URIs of “https://us1.hostedftp.com/openidconnect” |
| 12 | Enable checkbox “ID tokens (used for implicit and hybrid flows)” |
| 13 | Click “Configure” |
| 14 | Click the “Add URI” link to add the remaining redirect URIs (see the table above) |
| 15 | Click “Save” after adding all redirect URIs |
| 16 | Click “Add a certificate or secret” |
| 17 | Click “New client secret” |
| 18 | Enter description and expiration date |
| 19 | Click “Add” |
| 20 | Copy the “Value” field and store it securely. This secret value cannot be viewed again after its initial creation. It will be required when setting up the SSO connection on the FTP side. |
| 21 | Click “API permissions” and ensure that the permission “Microsoft Graph / User.Read” is present with Type = Delegated |
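To confirm the registration matches the steps above, the app's settings can be checked offline. The following is an added example, not Hosted~FTP~ or Microsoft code: it assumes you have the application object as JSON in the Microsoft Graph schema (for example the output of `az ad app show --id <client-id>`), and the function name and sample data are made up for illustration.

```python
# Redirect URIs from the table on this page (scheme written in lowercase).
REGIONS = ["us1", "us2", "us3", "us4", "ie1", "de1", "au1", "kr1", "jp1", "in1"]
REQUIRED_URIS = {f"https://{r}.hostedftp.com/openidconnect" for r in REGIONS}
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph
USER_READ_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # User.Read (delegated)


def audit_registration(app: dict) -> list[str]:
    """Return findings for an application object (Microsoft Graph schema)."""
    findings = []
    web = app.get("web") or {}
    registered = set(web.get("redirectUris") or [])

    for uri in sorted(REQUIRED_URIS - registered):
        findings.append(f"missing redirect URI: {uri}")
    # Any URI outside the documented set is another place tokens can be sent.
    for uri in sorted(registered - REQUIRED_URIS):
        findings.append(f"unexpected redirect URI: {uri}")

    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not single tenant (step 6)")
    implicit = web.get("implicitGrantSettings") or {}
    if not implicit.get("enableIdTokenIssuance"):
        findings.append("ID tokens not enabled (step 12)")

    has_user_read = any(
        res.get("resourceAppId") == GRAPH_APP_ID
        and any(a.get("id") == USER_READ_ID and a.get("type") == "Scope"
                for a in res.get("resourceAccess") or [])
        for res in app.get("requiredResourceAccess") or []
    )
    if not has_user_read:
        findings.append("delegated User.Read missing (step 21)")
    return findings


# Constructed sample: step 14 skipped and one URI mistyped with http://.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["https://us1.hostedftp.com/openidconnect",
                             "http://us2.hostedftp.com/openidconnect"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": USER_READ_ID, "type": "Scope"}]}],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE):
        print(finding)
```

An empty result means the redirect URIs, tenant scope, ID token setting and User.Read permission all match this page.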

Configuring SSO Azure AD in Hosted~FTP~

Once you have followed all of the steps above, you can continue to the Hosted~FTP~ interface as the account admin to set up Azure AD SSO.

1. Go to your Setup tab, open the SSO page, and click the Add button.

2. Fill out the fields, including the information you retained when creating your Azure AD application, and click Save when completed.

| Field | Value |
| --- | --- |
| Name | The label by which this SSO is recognized when enforcing it at the account, group, or user level |
| Provider | Select Azure AD |
| Domain | From the Azure portal Azure Active Directory Overview blade, copy the value for “Directory (tenant) ID” |
| Client ID | From the Azure portal Azure Active Directory Overview blade, copy the value for “Application (client) ID” |
| Client Secret | The client secret created in the Azure portal |
| Extra Parameters | None required |
| Active | Checked (active) by default; unchecking this option turns off the SSO |

Enabling SSO for users

Once your SSO is configured, you will need to enable your user logins to use SSO on an entire account, group of users, or individual user level. Please refer to this article on how to enable SSO for user logins.
