Create Azure account and register MyPay application

Create Azure account (not necessary if you have one already)
1. go to https://portal.azure.com/
2. click create account, fill in email, password etc
Create a tenant and organisation (not necessary if you have one already)
1. go to Azure portal https://portal.azure.com/
2. go to menu, click Active Directory
3. click Create tenant
4. tenant type “Azure Active Directory”, choose org name, domain name
5. it takes a while. After it is created you may need to switch to the new tenant/organization in Active Direcotry
Register new App
1. go to Azure portal (make sure you are in right org) and click App Registrations from the menu
2. click New Registration
3. choose account type: Single tenant
4. redirect URI: web: https://api.mypay.management/v1/ext-auth-callback
5. click Register. In the overview you will see Application (client) ID, save it for later use
6. in the new app go to “Certificates & secrets”, click New client secret, create one and save the value for later use
Assign users/groups to the application
1. go to your application (App Registration in the menu)
2. click Overview, click your app under: “Managed application in local directory”
3. choose whatever you need (e.g. “Assign users and groups” and select user/groups)
4. make sure users have the Email field set
  - business organisations most probably will have the user email set
  - users created in free test Azure AD account may not (maybe because of this) but users invited to test accounts will have email set

Configure Azure authentication provider in MyPay

You will need:

Azure tenant id and authorize URL
Azure application Client ID
Azure application Client secret

Login to MyPay as admin
go to "Setup" → "External Authetication Provider" in menu, click "Create"
choose a name
Type: Azure
set URL where user will be redirected to login:
https://login.microsoftonline.com/<your-tenant-id>/oauth2/v2.0/authorize
replace your tenant id
Client ID: your Azure application client ID
Client secret: your Azure application client secret
save the new configuration
After the save you will see the field "Login URL" populated with an URL. Admin must provide this URL to all users that should authenticate to MyPay using Azure.
Users must use this URL - the standard username/password authentication at MyPay login page will not work!
Also you use this URL to allow accessing MyPay from Azure. See below.

Access MyPay from Azure

Users authenticated to Microsoft can have MyPay in the list of application registered with their account.

To enable accessing MyPay from Azure:

go to Azure portal as admin
go to Active Directory, App registration and select MyPay
In the menu, go to branding
set “Home Page URL” field - you can find the URL in MyPay at External Authentication Provider settings in “Login URL” field

Page Contents

Browser not supported