Set up Azure SSO in MyPay

Create Azure account and register MyPay application

  1. Create an Azure account (not necessary if you already have one)

    1. go to https://portal.azure.com/

    2. click Create account and fill in email, password, etc.

  2. Create a tenant and organisation (not necessary if you already have one)

    1. go to Azure portal https://portal.azure.com/

    2. go to menu, click Active Directory

    3. click Create tenant

    4. select tenant type “Azure Active Directory”, then choose an organisation name and a domain name

    5. creation takes a while. After the tenant is created you may need to switch to the new tenant/organisation in Active Directory

  3. Register new App

    1. go to Azure portal (make sure you are in the right organisation) and click App Registrations in the menu

    2. click New Registration

    3. choose account type: Single tenant

    4. redirect URI: web: https://api.mypay.management/v1/ext-auth-callback

    5. click Register. In the overview you will see the Application (client) ID; save it for later use

    6. in the new app go to “Certificates & secrets”, click New client secret, create one and save its value for later use

  4. Assign users/groups to the application

    1. go to your application (App Registration in the menu)

    2. click Overview, click your app under: “Managed application in local directory”

    3. choose whatever you need (e.g. “Assign users and groups” and select users/groups)

    4. make sure users have the Email field set

      • business organisations will most probably have the user email set

      • users created in a free test Azure AD account may not (maybe because of this), but users invited to test accounts will have the email set


Configure Azure authentication provider in MyPay

You will need:

  • Azure tenant ID and authorize URL

  • Azure application Client ID

  • Azure application Client secret

  1. Log in to MyPay as admin

  2. go to "Setup" → "External Authentication Provider" in the menu, click "Create"

  3. choose a name

  4. Type: Azure

  5. set the URL to which users will be redirected to log in:
    https://login.microsoftonline.com/<your-tenant-id>/oauth2/v2.0/authorize
    replace <your-tenant-id> with your tenant ID

  6. Client ID: your Azure application client ID

  7. Client secret: your Azure application client secret

  8. save the new configuration

  9. After saving you will see the field "Login URL" populated with a URL. The admin must provide this URL to all users who should authenticate to MyPay using Azure.
    Users must use this URL - the standard username/password authentication on the MyPay login page will not work!
    You also use this URL to enable access to MyPay from Azure. See below.
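
An added pre-flight check for the values entered in steps 5 to 7 (example code, not part of MyPay or Azure). It assumes the tenant ID is used in its GUID form; `check_provider_values` is a hypothetical helper and all sample values are constructed. It catches a leftover placeholder, a multi-tenant alias on a Single tenant app, and a client secret field filled with the GUID-shaped Secret ID instead of the secret value.

```python
import re
import uuid

# Authorize URL form from step 5 of the page.
AUTHORIZE_RE = re.compile(
    r"https://login\.microsoftonline\.com/([^/]+)/oauth2/v2\.0/authorize")
# Multi-tenant endpoint aliases; the app above is registered as Single tenant.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}


def is_guid(value):
    """True only for the canonical hyphenated GUID form shown in the portal."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_provider_values(authorize_url, client_id, client_secret):
    """Return a list of problems in the values about to be saved in MyPay."""
    problems = []
    match = AUTHORIZE_RE.fullmatch(authorize_url.strip())
    if match is None:
        problems.append("URL is not https://login.microsoftonline.com/"
                        "<tenant>/oauth2/v2.0/authorize")
    elif match.group(1).lower() in MULTI_TENANT_ALIASES:
        problems.append("URL uses a multi-tenant alias, not your tenant ID")
    elif not is_guid(match.group(1)):
        problems.append("tenant part of the URL is not a GUID "
                        "(placeholder left in?)")
    if not is_guid(client_id.strip()):
        problems.append("Client ID is not a GUID")
    secret = client_secret.strip()
    if not secret:
        problems.append("Client secret is empty")
    elif is_guid(secret):
        problems.append("Client secret is GUID-shaped: this looks like the "
                        "Secret ID column, paste the Value instead")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    url = ("https://login.microsoftonline.com/"
           "11111111-2222-3333-4444-555555555555/oauth2/v2.0/authorize")
    for issue in check_provider_values(
            url, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed-secret"):
        print("PROBLEM:", issue)
```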

Access MyPay from Azure

Users authenticated to Microsoft can have MyPay in the list of applications registered with their account.

To enable accessing MyPay from Azure:

  1. go to Azure portal as admin

  2. go to Active Directory, App Registrations and select MyPay

  3. in the menu, go to Branding

  4. set the “Home Page URL” field - you can find the URL in MyPay in the External Authentication Provider settings, in the “Login URL” field
