SSO setup - Azure AD (OpenID Connect)

Splashtop now supports logging in my.splashtop.eu and Splashtop Business app using the credential created from your OpenID Connect identity providers. Please follow the below instructions to create an app from Azure AD console.

Get the app on Azure AD console

  1. Click Azure Active Directory. OIDC_azure_1_en-us.png
  2. Click App Registration. Then New Registration.
    OIDC_azure_2_en-us.png
    OIDC_azure_3_en-us.png
  3. Name your application.
    On Supported account types: select Accounts in this organizational directory only (Splashtop only - Single tenant)
    On Redirect URI (optional): select web and insert https://my.splashtop.com/sso/openid/azure/callback
    (or https://my.splashtop.eu/sso/openid/azure/callback if you are on EU stack)

    Then click Register then done!

    Example, for global stack,

    Example, for EU stack,

  4. After registered, on the app page you can see the Client ID.
    OIDC_azure_5_en-us.png
  5. Click Endpoints tab to find the Authorization endpoint URL and Token endpoint URL info.
    OIDC_azure_6_en-us.png
    OIDC_azure_7_en-us.png
  6. Click Certificates & secrets on the side menu to create a Client secret (Secret ID).
    OIDC_azure_8_en-us.png
    OIDC_azure_9_en-us.png
    OIDC_azure_10_en-us.png

Apply for an SSO method from my.splashtop.com

  1. On my.splashtop.com, create an SSO method with OpenID Connect as the protocol.
    (How to How to apply for a new SSO method? (OpenID Connect))
  2. Insert the corresponding info:
    Client IDCopy from step 4 above.
    Client Secret: Copy from step 6 above.
    Authorization endpoint URL: Copy from step 5 above, A field in the screenshot.
    e.g., https://login.microsoftonline.com/a32c6ed5-95c9-40ff-8af0-64241742816f/oauth2/v2.0/authorize

    Token endpoint URL: Copy from step 5 above, B field in the screenshot.
    e.g., https://login.microsoftonline.com/a32c6ed5-95c9-40ff-8af0-64241742816f/oauth2/v2.0/token

    JSON Web Key Set URL: https://base_url/discovery/v2.0/keys
    base_url = url of authorization and token URL with /oauth2/v2.0/... removed. 
    e.g., https://login.microsoftonline.com/a32c6ed5-95c9-40ff-8af0-64241742816f/discovery/v2.0/keys

OIDC_azure_11_en-us.png

 

0 out of 0 found this helpful