Skip to main content
Skip table of contents

Single-Sign-On (SSO): Setup

App registration

First, we register an OAuth 2.0 application in Azure Active Directory.
To do this, we call up the Azure portal with https://portal.azure.com

Now we open Microsoft Entra ID either via the Azure services or via search

CleanShot 2024-09-04 at 15.27.22-20240904-132746.png

Now we click on App registrations in the menu on the left under Manage

CleanShot 2024-09-04 at 15.28.54-20240904-132911.png

Then we select New registration

CleanShot 2024-09-04 at 15.30.00-20240904-133020.png

Here we fill in the name so that we can later recognize what the registration is for.
For example, Claim Manager SSO could be used as a recommendation.

For supported account types, the first option Accounts in this organizational directory only is usually sufficient

The redirect-URL is specific to your environment. The CMC Support will tell you the redirect-URL to use.

If the CMC-Support did not tell you your redirect-url yet, please contact the CMC Support to ask for it.

Then click on Register at the bottom of the page

CleanShot 2024-09-04 at 15.33.29-20240904-133402.png

App permissions

Congratulations! We have successfully registered our application in Entra ID. Now we still need to grant the application permissions so that the registration works smoothly.

To do this, we click on API permissions in the menu on the left, then on Add a permission, then on Microsoft Graph and then on Delegated permissions.

CleanShot 2024-09-04 at 15.35.41-20240904-133621.png

CleanShot 2024-09-04 at 15.37.08-20240904-133724.png

The following permissions must be set as a minimum:

  • openid

  • profile

  • user.read

offline_access is also required for some use cases.

CleanShot 2024-09-04 at 15.37.54-20240904-133824.png

Create a secret

After we have created the authorizations, we still need to create a secret.
To do this, we go to the application overview and click on the link Add a certificate or secret

CleanShot 2024-09-04 at 15.38.49-20240904-133913.png

Now let's add a new secret key

CleanShot 2024-09-04 at 15.39.42-20240904-134011.png

We assign a meaningful name, such as CMC Claim-Manager SSO Production

And we assign a suitable expiry date for Expires. The length of the expiry period depends on your company's internal security regulations. Unless otherwise specified, we generally use 24 months.

CleanShot 2024-09-04 at 15.41.51-20240904-134154.png

The secret is then added to the list of secrets

CleanShot 2024-09-04 at 15.42.07-20240904-134226.png

Please be aware, that the value of the secret is displayed once only

Now we make a note of the value of the secret to pass on to CMC.

Please be careful to copy the value and not the secret ID

Pass on data to CMC for setup

With the successfully created application and the necessary rights, CMC can now configure the Claim- Manager. The following information is required for this:

We go back to the application registration overview and search for the following values:

  • Application ID

  • Directory ID

  • Value of the previously created secret (not visible in the overview screen)

CleanShot 2024-09-04 at 15.43.48-20240904-134403.png

This data can be sent on to CMC so that it can be integrated into the Claim Manager.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close