Webcastcloud integration with Azure OAuth2 for Single Sign-On (SSO) allows users to seamlessly access the Webcastcloud platform using their Azure credentials. This knowledge base article provides step-by-step instructions on configuring Webcastcloud as a client application in Azure, with a specific focus on setting up the correct redirect URI.
Prerequisites: Before starting the configuration process, ensure that you have the following:
- Azure Active Directory (AD) account with administrative privileges.
- Access to the Webcastcloud platform.
Create a New App Registration in Azure AD
- Log in to the Azure Portal (https://portal.azure.com/).
- Navigate to Azure Active Directory > App registrations > New registration
- Complete the registration process
- Name: a friendly name for the application, e.g. webcastcloudProd
- Supported account types:
- Accounts in this organizational directory only: Select this if you are using Azure and Webcastcloud only for users in your organization, e.g. your staff or your members that have a user account hosted in Azure.
- Accounts in any organizational directory and personal Microsoft accounts: Select this if you are using Azure with Webcastcloud to allow any user globally to access your content library with a Microsoft login account that is linked to a business/organization, or with a personal Microsoft account (e.g. outlook.com, hotmail.com, live.com).
- Alternatively select Personal Microsoft Accounts only or Organizational Directory only, if you only want to support one of these.
- Redirect URI, Select Web
- Enter Redirect URI as
https://{site.webcastcloud.com}/azure/sso
- If this is your production environment, please use your video library hostname. This may be your white-label domain name, e.g. https://{tv.website.com}/azure/sso
- If you are using Azure along with another integration, such as Dynamics365, then your Redirect URI may be different. Please check with Webcastcloud Support.
- Select Register
- Note down the Tenant ID and Application (client) ID
- Select Add a Certificate or Secret
- Select + New client secret
- Description: Enter a name describing what the secret is used for, e.g. Webcastcloud
- Expires: Set your organization's preferred expiration date.
Note: When the client secret expires, you will need to create a new secret and update it in Webcastcloud Admin again.
- Click Add and copy the client secret before navigating away from the page.
Note: The secret will not be available to copy again.
- Click Endpoints from the top menu
- Note the OAuth 2.0 authorization endpoint (v2) URL.
- Note the OAuth 2.0 token endpoint (v2) URL.
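A pre-flight check of the values collected in this section, as an added example (not Webcastcloud or Microsoft code). The `cfg` keys, the function names and the sample hostname are assumptions; the default path `/azure/sso` is the one given above and can be overridden if Webcastcloud Support gives you a different Redirect URI.

```python
from urllib.parse import urlsplit

# Authorities shared by all tenants; the alternative is a tenant ID or domain.
SHARED_AUTHORITIES = {"common", "organizations", "consumers"}

def authority_of(url, suffix):
    """Return the authority segment of a v2 endpoint URL, or None if malformed."""
    parts = urlsplit(url)
    path = parts.path.strip("/").split("/")
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        return None
    if len(path) != 4 or path[1:] != ["oauth2", "v2.0", suffix]:
        return None
    return path[0].lower()

def check_settings(cfg, expected_path="/azure/sso"):
    """Return a list of problems in the values noted from the app registration."""
    problems = []
    auth = authority_of(cfg["authorization_url"], "authorize")
    token = authority_of(cfg["token_url"], "token")
    if auth is None:
        problems.append("authorization URL is not a v2 authorize endpoint")
    if token is None:
        problems.append("token URL is not a v2 token endpoint")
    if auth and token and auth != token:
        problems.append("authorization and token URLs use different authorities")
    # A single-tenant registration is not served by the shared authorities.
    if cfg["single_tenant"] and auth in SHARED_AUTHORITIES:
        problems.append("single-tenant app must use its tenant-specific endpoints")
    redirect = cfg["redirect_uri"]
    parts = urlsplit(redirect)
    if "{" in redirect or "}" in redirect:
        problems.append("redirect URI still contains a {placeholder}")
    if parts.scheme != "https" or not parts.hostname:
        problems.append("redirect URI must be an https URL with a hostname")
    # Azure compares the redirect URI exactly, so a trailing slash is a mismatch.
    if parts.path != expected_path or parts.query or parts.fragment:
        problems.append("redirect URI must end in exactly " + expected_path)
    return problems

# Constructed sample: single-tenant app, /common endpoints, trailing slash.
BASE = "https://login.microsoftonline.com/"
SAMPLE = {
    "single_tenant": True,
    "authorization_url": BASE + "common/oauth2/v2.0/authorize",
    "token_url": BASE + "common/oauth2/v2.0/token",
    "redirect_uri": "https://tv.example.com/azure/sso/",
}
```

Running `check_settings(SAMPLE)` reports the two mismatches in the sample; an empty list means the values are consistent with each other.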
Configure API Permissions for the Application
- Remaining in Azure App Registrations for the created Application
- Select API Permissions
- Select Add a Permission
- Select Microsoft Graph
- Select Delegated Permissions
- From OpenID permissions, select the following: email, openid, profile
- Scroll down to User, and add the User permissions: User.Read, User.ReadBasic.All
- Select Add Permissions
Configure Webcastcloud with Azure AD OAuth2 Details
- Log in to the Webcastcloud Admin
- Navigate to Settings > Integrations
- You can either use Microsoft Azure or OAuth as your Integration Setup. Please discuss with Webcastcloud Support if unsure of the best option for your organization.
- Microsoft Azure
- Select Edit
- Enter the Azure AD details copied in the steps above:
- Directory (Tenant) ID
- Client ID = Application ID
- Client Secret
- Authorization Url
- Token Url
- Save the changes
- Toggle ON the Azure Integration
- OAuth2
- Select Edit
- Enter the Azure AD details copied in the steps above:
- Directory (Tenant) ID -> Tenant ID
- OAuth Authorization URL: For example, https://login.microsoftonline.com/common/oauth2/v2.0/authorize
- OAuth Token URL: For example, https://login.microsoftonline.com/common/oauth2/v2.0/token
- Application (client) ID -> Client ID
- Client Secret -> Client Secret
- User Info URL: For example, https://graph.microsoft.com/oidc/userinfo
- Save
- Member Response Mapping: You are now required to set up the User Info values that will be used to create the member profile in Webcastcloud.
- An example of the user info response from Microsoft Graph is:
- We now map these values to required member fields in Webcastcloud:
- sub -> IntegrationUid
- email -> Email
- email -> Username
- name -> FirstName
- family_name -> LastName
Note: these are the ideal minimum fields, although you can add other types if available.
- Your mapping table may now look like this:
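The mapping listed above applied to a user info response, as an added example (not Webcastcloud code). The sample response is constructed with made-up values, and `map_member` is a hypothetical helper that shows what happens when a mapped claim such as `email` is absent from the response.

```python
# Mapping from the list above: user info claim -> Webcastcloud member field.
CLAIM_MAPPING = [
    ("sub", "IntegrationUid"),
    ("email", "Email"),
    ("email", "Username"),
    ("name", "FirstName"),
    ("family_name", "LastName"),
]

# Constructed sample of a user info response; every value is made up.
SAMPLE_USERINFO = {
    "sub": "constructed-subject-id-0001",
    "name": "Alex Example",
    "given_name": "Alex",
    "family_name": "Example",
    "email": "alex@example.com",
}

def map_member(userinfo, mapping=CLAIM_MAPPING):
    """Build the member fields, refusing a response that lacks a mapped claim."""
    missing = sorted(
        {claim for claim, _ in mapping
         if not str(userinfo.get(claim) or "").strip()}
    )
    if missing:
        # An account without a mail address returns no "email" claim, which
        # would leave both Email and Username empty in the member profile.
        raise ValueError("user info response lacks: " + ", ".join(missing))
    return {field: str(userinfo[claim]).strip() for claim, field in mapping}

if __name__ == "__main__":
    for field, value in map_member(SAMPLE_USERINFO).items():
        print(f"{field}: {value}")
```

The `sub` value issued by Microsoft is specific to the application registration, so a member's IntegrationUid will not carry over if the app registration is replaced with a new one.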
Test the Configuration
- Test the SSO functionality by logging in to Webcastcloud using your Microsoft credentials.
Conclusion: By following these steps, you can successfully configure Webcastcloud as a client application in Azure OAuth2 for Single Sign-On. Ensure that all details, including the redirect URI, are accurately configured to enable seamless authentication between Azure and Webcastcloud.
For assistance in troubleshooting, please contact Webcastcloud Support.