Set up Azure IdP for OAuth/OIDC

Configure SSO with Azure as IdP

Azure Configuration

Use the following configuration for Azure OIDC v2.0. Contact your IdP administrator for the values of the partially masked fields.

{
    "providerId": "AzureFederate",
    "vendor": "azure_v2",
    "loginEndpoint": "https://login.microsoftonline.com/fc59****-6***-4***-b***-****5541****/oauth2/v2.0/authorize",
    "tokenEndpoint": "https://login.microsoftonline.com/fc59****-6***-4***-b***-****5541****/oauth2/v2.0/token",
    "callbackEndpoint": "https://auth.reltio.com/oauth/callback",
    "revokeEndpoint": "https://login.microsoftonline.com/fc59****-6***-4***-b***-****5541****/oauth2/v2.0/logout",
    "clientId": "8416****-e***-4***-a***-22cf****9d4d",
    "clientSecret": "gjm****1k-y-UM9bW****4e5R***g0_0v~",
    "scope": "openid profile email offline_access",
    "userIdMapping": "uid",
    "userEmailMapping": "email",
    "defaultNewUserRoleList": [],
    "tenants": [
        "tenantId"
    ],
    "jwt": true,
    "jwtSignatureConfig": {
        "algorithm": "RSA256",
        "issuer": "https://login.microsoftonline.com/fc59****-6***-4***-b***-****5541****/v2.0",
        "jwksURL": "https://login.microsoftonline.com/fc59****-6***-4***-b***-****5541****/discovery/v2.0/keys"
    },
    "defaultGroups": [],
    "rolePerTenantSsoEnabled": false,
    "sendClientCredentialsInBody": false
}
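A consistency check for a filled-in configuration of the shape shown above, as an added example that is not Reltio's own code. The `lint` and `sample` helpers and the identifiers in the sample are constructed for illustration; the URL patterns are the ones in the configuration above.

```python
import re
from urllib.parse import urlparse

HOST = "login.microsoftonline.com"
GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
# Path expected after the Azure directory (tenant) GUID, taken from the configuration above.
PATHS = {"loginEndpoint": "/oauth2/v2.0/authorize", "tokenEndpoint": "/oauth2/v2.0/token",
         "revokeEndpoint": "/oauth2/v2.0/logout", "issuer": "/v2.0",
         "jwksURL": "/discovery/v2.0/keys"}

def lint(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings, directories = [], set()
    jwt_cfg = cfg.get("jwtSignatureConfig") or {}
    for key, suffix in PATHS.items():
        url = urlparse(cfg.get(key) or jwt_cfg.get(key) or "")
        match = re.fullmatch(f"/({GUID}){re.escape(suffix)}", url.path, re.I)
        if url.scheme != "https" or url.hostname != HOST or not match:
            findings.append(f"{key}: expected https://{HOST}/<directory-guid>{suffix}")
        else:
            directories.add(match.group(1).lower())
    # issuer and jwksURL decide which tokens validate, so they must name the
    # same directory as the login and token endpoints.
    if len(directories) > 1:
        findings.append("URLs reference different directory GUIDs")
    if "openid" not in cfg.get("scope", "").split():
        findings.append("scope: 'openid' is missing, so no ID token is requested")
    if "*" in cfg.get("clientId", "") + cfg.get("clientSecret", ""):
        findings.append("clientId/clientSecret: masked placeholder still present")
    return findings

def sample(directory="11111111-2222-4333-8444-555555555555"):
    """Constructed configuration (made-up identifiers) in the shape shown above."""
    base = f"https://{HOST}/{directory}"
    return {
        "loginEndpoint": base + "/oauth2/v2.0/authorize",
        "tokenEndpoint": base + "/oauth2/v2.0/token",
        "revokeEndpoint": base + "/oauth2/v2.0/logout",
        "clientId": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
        "clientSecret": "constructed-secret-value",
        "scope": "openid profile email offline_access",
        "jwtSignatureConfig": {"issuer": base + "/v2.0",
                               "jwksURL": base + "/discovery/v2.0/keys"},
    }

if __name__ == "__main__":
    bad = sample()
    bad["jwtSignatureConfig"]["issuer"] = f"https://{HOST}/99999999-2222-4333-8444-555555555555/v2.0"
    print(lint(sample()), lint(bad))
```
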

If you want to assign users to Reltio roles based on their Azure Active Directory (Azure AD) group membership, you must configure group claims mapping in your SSO settings. By default, Azure AD does not return group claims when using the Microsoft Graph userinfo endpoint. To retrieve groups, Reltio must validate the ID token (JWT) and extract group claims directly.

For more information, see the topic Configure Azure AD group claims mapping using JWT.