# Azure AD via OIDC

## Prerequisites

1. You must have an Aerofiler subscription that supports Azure AD integration and Aerofiler Support must have enabled Azure AD integration for your Account

## **Setup Steps**

1. Go to “Azure Active Directory”
2. In the Overview section, copy the Tenant ID (used later).
3. Go to “App Registrations” (left menu)
4. Click “New registration” at the top
5. For “Name”, enter “Aerofiler”
6. In “Supported account types” select the most suitable for your organization which is most likely “Accounts in this organizational directory only” (“Single tenant”)
7. For “Redirect URI” enter the Redirect URL provided by Aerofiler. Typically this is in the form <https://acme.aerofiler.com/auth/msal/callback> or <https://acme.aerofiler.com.au/auth/msal/> callback, where `acme` is your Aerofiler sitename.
8. Click “Register” (bottom)
9. Copy the “Application (client) ID” value for later
10. Click “Add a certificate or secret”, near “Client credentials” (top right)
11. In the “Client secrets” area, click “New client secret”
12. Enter a relevant description and choose a suitable “Expires” value
13. Click “Add” (bottom)
14. Copy the value in the “Value” column. This is the Client Secret.
15. Send the following information to Aerofiler in a text file via the secure link provided by Aerofiler:
    1. Tenant ID: \[from step 2]
    2. Client (Application) ID: \[from step 9]
    3. Client Secret: \[from step 14]

Once the above is completed, Aerofiler may need to send you a link that needs to be clicked on to authorise the application within Azure AD.

{% hint style="info" %}
Depending on chosen expiry period, a new Client Secret for this connection will need to be generated and given to Aerofiler before the current one expires, otherwise login through SSO will stop working.
{% endhint %}