To enable Azure AD as a login option for the NordLayer application, do the following:
1. Log in to your Azure panel
2. Click App registrations in the main menu
3. Click New registration
4. In the Name field, enter NordLayer
5. Select your supported account types
6. Click Register at the bottom of the page
7. On the newly opened page, select the API permissions tab in the left menu
8. Click Add a permission and add the following permissions:
- select Microsoft Graph, and choose Delegated permissions
- mark profile and email under OpenId permissions
- scroll to the bottom and make sure that under User, User.Read is checked as well
9. Confirm the selections by pressing Add permissions at the bottom
10. Press Grant admin consent for at the top to grant admin consent for this directory on behalf of all of your users
11. Confirm this option by choosing Yes in the prompt that opens
12. Head to the Token configuration tab on the left side
13. Select Add optional claim and choose Token type – ID, mark Claims: email, upn and save your selection by pressing Add at the bottom
14. Open the Authentication tab in the left menu
15. Select Add a platform at the top
16. Choose Web
17. Enter https://auth.nordlayer.com/v1/tokens/oauth/resolution in the Redirect URIs field
18. Under Implicit grant and hybrid flows, check Access tokens and ID tokens
19. Save the changes by clicking on Configure at the bottom
20. Open Overview in the left menu
21. Copy Application (client) ID and keep it safe
22. Copy Directory (Tenant) ID and keep it safe
23. Open the Certificates & secrets tab in the left menu
24. Choose the Client secrets tab and press New client secret
25. In the description field, enter NordLayer
26. In the expiry field, select 24 months
27. To save the changes, click Add at the bottom
28. Copy the generated Value and keep it somewhere safe, as it is displayed only once
Once you have all three values (Application (client) ID, Directory (Tenant) ID and the generated Client Secret Value), head to the Control Panel on our website and navigate to Settings – Login options. When you choose Azure AD, you will be prompted to enter the three collected values. Once you submit this information, your organization members will be able to log in to the NordLayer application using Azure AD.
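To confirm that the registration still matches the steps above, and to catch the client secret before it lapses, the following added example (not NordLayer or Microsoft code) audits an application object. It assumes the JSON shape of a Microsoft Graph application object, for example as returned by `az ad app show --id <client-id>`; the function name, the extra-redirect-URI check, the 30-day warning window and the sample data are assumptions of this example.

```python
from datetime import datetime, timezone

# Values taken from the steps above
REDIRECT_URI = "https://auth.nordlayer.com/v1/tokens/oauth/resolution"  # step 17
ID_TOKEN_CLAIMS = {"email", "upn"}                                      # step 13

def audit_registration(app, now, warn_days=30):
    """Return findings for an application object; an empty list means no drift."""
    findings = []
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("missing NordLayer redirect URI")
    extra = sorted(u for u in uris if u != REDIRECT_URI)
    if extra:
        findings.append(f"unexpected redirect URIs: {extra}")
    grant = web.get("implicitGrantSettings") or {}
    for key in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):  # step 18
        if not grant.get(key):
            findings.append(f"{key} is disabled")
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    missing = sorted(ID_TOKEN_CLAIMS - {c.get("name") for c in id_claims})
    if missing:
        findings.append(f"ID token optional claims missing: {missing}")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret present")
    for s in secrets:
        # Keep only the seconds-precision prefix so fractional digits do not matter
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days = (end.replace(tzinfo=timezone.utc) - now).days
        if days < warn_days:
            findings.append(f"client secret {s.get('displayName')!r}: {days} days until expiry")
    return findings

# Constructed sample: extra redirect URI, no upn claim, secret close to expiry
SAMPLE = {
    "web": {
        "redirectUris": [REDIRECT_URI, "https://example.invalid/callback"],
        "implicitGrantSettings": {"enableAccessTokenIssuance": True, "enableIdTokenIssuance": True},
    },
    "optionalClaims": {"idToken": [{"name": "email"}]},
    "passwordCredentials": [{"displayName": "NordLayer", "endDateTime": "2030-01-10T00:00:00Z"}],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, datetime(2030, 1, 1, tzinfo=timezone.utc)):
        print(finding)
```

Run it on a schedule against the live object so that the 24-month secret chosen in step 26 is rotated before logins start failing.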