Azure Active Directory (Azure AD), Microsoft’s cloud-based identity and access Management service ensure users can securely sign in and access relevant resources. ChilliDB integration with Azure AD now makes it easy for administrators to manage ChilliDB user accounts directly from Azure AD and avoids users having to keep track of multiple passwords. Registering ChilliDB with your Azure AD account To enable ChilliDB to authenticate users again Azure AD you need to first register the ChilliDB Application in your Azure Active Directory. 1. Under Azure Active Directory choose App Registrations. Then select Create New Registrations. 2. On the New Registration page, fill out the form as per below, changing the MyOrg in the Redirect URI to your own ChilliDB System Identifier (normally your organisation initials). Please note the Redirect URI is case sensitive so ensure it matches exactly your systems URI. Once completed click Register to register the app. 3. After the Registration is completed, click Authentication on the left-hand side and select ID Tokens on Implicit grant as shown below: 4. Make a copy of the following items as they will be needed to configure ChilliDB. · Application (client) ID. (In the Overview page for the app) · Directory (tenant) ID. (In the Overview page for the app) · Redirect URIs. (In the Authentication page for the app) Recording the Azure AD App Registration details in ChilliDB Login into your ChilliDB System. From the System menu choose System Management. From here select the Manage System Configuration link to enter your Azure AD App details. Enter azure in the search field and filter to return the Azure configuration items. For each item enter the details from the Azure AD App registration page as follows: Once the configuration changes have been applied you can log out and close the browser. Logging in ChilliDB using Azure AD for the first time Start a browser session and visit your ChilliDB site using its normal web address. If you have not already been authenticated by Microsoft Azure you will be prompted at this point for your login details. Once successfully authenticated you will be redirected back to ChilliDB login page. If your Azure AD username (User Principal Name) is not found in your ChilliDB users list you will be presented with the login message below. At this point you should request you ChilliDB administrator creates or updates your user account to have the same name as your Microsoft Azure AD username. If your Azure AD username is found, you will be automatically logged into ChilliDB. Synchronizing contacts details After a user logs into ChilliDB using their Microsoft Azure AD details, the following ChilliDB information will be automatically updated if it differs from the information recorded in Microsoft Azure AD: - Contact first name. - Contact last name. - Contact business email. If changes are made the contact modification details will be updated with the date it occurred and the system user as the modifier. Automatic Creation of ChilliDB User for Azure AD When using Microsoft Azure AD for authentication the ChilliDB user and its related contact details can be automatically created if they do not exist in ChilliDB. This avoids the administrator from needing to create the user in both Microsoft Azure AD and ChilliDB. To achieve this the default role and contact type must be defined in addition to contacts name in Microsoft Azure AD. To enable this feature, the following settings are required. Within Microsoft Azure AD ensure that the following optional claims are exposed: 1. User Given Name 2. User Family Name To expose these claims view the ChilliDB App Registration you made previously and select the Token configuration from the left hand options. Click Add optional claim and Select ID on the Token Type and check the family_name and given_name claims. As these fields are not mandatory in Azure, if they are not completed the Name field will be used to create the ChilliDB contact name by using the first word from the Name field and the remaining words will be part of the contact last name. If the Name field has only 1 word, then that will be the contact first name and the contact's a last name will be set to Not Specified. After making the configuration changes in Azure login into your ChilliDB System. From the System menu choose System Management. From here select the Manage System Configuration link to set the following configuration values: Default Organisation for Contact Ensure the “System Owner” item is set to the correct organisation. This will be the organisation that the contact is associated with when created. Default type for Contact Set the type that will be used for the contact when they are created by associating a type with the “Contact Add Default Type” item. Default role for User Set the role that will be used for the user when they are created by associating a role with the “User Add Default Role” item. Enable automatic user creation Enable automatic user creation by setting the “Azure Automatic Chillidb User Creation Enabled“ item to true.