- >
- >
Configuring AzureAD with OpenID
Azure AD is one of the available IDPs to use with Single Sign-On (SSO) in your Hosted~FTP~ account, allowing you to authenticate securely from any device with your SSO credential. This feature is available on our Enterprise T2+ and above accounts.
Redirect URIs
Required redirect URIs to register in your Azure portal (See step 14 below)
| Server location | Sign-in redirect URI |
| Virginia US1 | Https://us1.hostedftp.com/openidconnect (Already added in Step 11) |
| Virginia US2 | Https://us2.hostedftp.com/openidconnect |
| California | Https://us3.hostedftp.com/openidconnect |
| Oregon | Https://us4.hostedftp.com/openidconnect |
| Ireland | Https://ie1.hostedftp.com/openidconnect |
| Frankfurt | Https://de1.hostedftp.com/openidconnect |
| Australia | Https://au1.hostedftp.com/openidconnect |
| Korea | Https://kr1.hostedftp.com/openidconnect |
| Japan | Https://jp1.hostedftp.com/openidconnect |
| India | Https://in1.hostedftp.com/openidconnect |
How to setup Azure AD
Please follow the steps below in your Azure portal.
| Step | Instructions |
| 1 | Sign-in to Azure portal |
| 2 | Navigate to the Azure Active Directory that contains the users that will be accessing the FTP server |
| 3 | Click on “App registration” |
| 4 | Click on “New registration” |
| 5 | Enter Name: “HostedFTP Webapp” |
| 6 | Select Supported account type “Accounts in this organizational directory only (Default Directory only – Single tenant)” |
| 7 | Click “Register” |
| 8 | Click “Add a Redirect URI” |
| 9 | Click “Add a platform” |
| 10 | Click “Web” |
| 11 | Enter Redirect URIs of “https://us1.hostedftp.com/openidconnect” |
| 12 | Enable checkbox “ID tokens (used for implicit and hybrid flows)” |
| 13 | Click “Configure” |
| 14 | Click “Add URI” link to add the remaining redirect URIs in the table (see above table) |
| 15 | Click “Save” after adding all redirect URIs |
| 16 | Click “Add a certificate or secret” |
| 17 | Click “New client secret” |
| 18 | Enter description and expiration date |
| 19 | Click “Add” |
| 20 | Copy the “Value” field and store securely. This secret value cannot be viewed again after its initial creation. It will be required when setting up the SSO connection on the FTP side. |
| 21 | Click “API permissions” and ensure that the permission “Microsoft Graph / User.Read” is present with Type = Delegated |
Configuring SSO Azure AD in Hosted~FTP~
Once you have followed all of the steps above, you can continue to the Hosted~FTP~ interface as the account admin to setup Azure AD SSO.
1. Go to your Setup tab and click on the SSO page and click on the Add button
2. Fill out the fields including the information you retained when creating your Azure AD application and click on Save when completed
| Name | The label of the SSO to be recognized when enforcing on an account/group/user level |
| Protocol | Select OpenID Connect |
| Provider | Select Azure AD |
| Domain | From the Azure portal Azure Active Directory Overview blade, copy the value for “Directory (tenant) ID” |
| Client ID | From the Azure portal Azure Active Directory Overview blade, copy the value for “Application (client) ID” |
| Client Secret | The client secret created in the Azure portal |
| Extra Parameters | None required |
| Active | Defaulted to be on active, un-checking this option will turn off the SSO |
Enabling SSO for users
Once your SSO is configured, you will need to enable your user logins to use SSO on an entire account, group of users, or individual user level. Please refer to this article on how to enable SSO for user logins.