
How to Set Up SSO with Azure AD

Updated over a week ago

This article guides you through setting up Single Sign-On (SSO) using Microsoft Azure Active Directory (Azure AD) and Keycloak via OpenID Connect (OIDC). It applies to customers who want to integrate their Azure AD environment with Corti’s Keycloak-based authentication.

Part 1: Setting up the Azure AD Application

Note: This step must be performed by someone with permissions to create Azure AD applications.

Step-by-Step Instructions:

  1. Log into Microsoft Azure
    Navigate to https://portal.azure.com and sign in.

  2. Access Azure Active Directory
    From the sidebar, select Azure Active Directory.

  3. Go to Enterprise Applications
    In the left-hand menu, click Enterprise Applications.

  4. Create a New Application
    Select New application from the top menu.

  5. Register a New App
    Choose Create your own application, then select Register an application to integrate with Azure AD.

  6. Register an application

    • Select “Register an application to integrate with Azure AD”, provide a name, and select “Create”.

  7. Configure Basic App Info

    • Provide a Name

    • Select Accounts in this organization only

    • Set the Redirect URI to:

      https://keycloak.{ENVIRONMENT_NAME}.corti.live/realms/{ENVIRONMENT_NAME}/broker/oidc/endpoint

  8. Note Application Details
    After creation, copy these values from the app's Overview:

    • Application (client) ID

    • Directory (tenant) ID

  9. Set Up API Permissions

    • Go to API permissions

    • Click Add a permission

    • Choose Microsoft Graph → Delegated permissions

    • Select: email, openid, profile

    • Click Add permissions

    • Click Grant admin consent

  10. Create a Client Secret

    • Go to Certificates & secrets

    • Click New client secret

    • Set a description and expiration. Please note: if you set an expiration and the secret expires, SSO will break and you will have to contact us to update the secret. Setting no expiration is likely preferred.

    • Save the generated secret value immediately (you won’t be able to retrieve it again)

  11. Share Application (Client) ID and Client Secret with Corti
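
A pre-flight check for the values gathered in steps 7 to 10, added here as an example (not Corti's or Microsoft's code). The environment name `acme`, the GUIDs, the secret and the 30-day warning window are constructed assumptions; the "Secret ID" versus "Value" check reflects the Azure portal's secrets table, which the steps above do not mention.

```python
import re
from datetime import date
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
ENV = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")  # assumption: env names are DNS labels

def check_redirect_uri(uri, env):
    """Problems with a redirect URI versus the step 7 pattern (empty list = exact match)."""
    if not ENV.fullmatch(env):
        return [f"environment name {env!r} is not a DNS label"]
    parts, problems = urlsplit(uri), []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if parts.netloc != f"keycloak.{env}.corti.live":  # netloc also catches ports and userinfo
        problems.append("host must be exactly keycloak.<env>.corti.live")
    if parts.path != f"/realms/{env}/broker/oidc/endpoint":
        problems.append("path must be /realms/<env>/broker/oidc/endpoint")
    if parts.query or parts.fragment:
        problems.append("no query string or fragment allowed")
    return problems

def check_handover(env, redirect_uri, client_id, tenant_id, secret, secret_expires, today, warn_days=30):
    """Pre-flight check of the values from steps 7-10; returns a list of problems."""
    problems = check_redirect_uri(redirect_uri, env)
    for label, value in (("Application (client) ID", client_id), ("Directory (tenant) ID", tenant_id)):
        if not GUID.fullmatch(value):
            problems.append(f"{label} is not a GUID")
    # The portal lists a GUID "Secret ID" beside the secret "Value"; only the Value authenticates.
    if GUID.fullmatch(secret):
        problems.append("secret looks like the Secret ID, not the secret Value")
    if secret_expires is not None:  # None = no expiry date recorded
        left = (secret_expires - today).days
        if left < 0:
            problems.append(f"client secret expired {-left} days ago")
        elif left <= warn_days:
            problems.append(f"client secret expires in {left} days")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = dict(
        env="acme",
        redirect_uri="https://keycloak.acme.corti.live/realms/acme/broker/oidc/endpoint",
        client_id="11111111-2222-3333-4444-555555555555",
        tenant_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        secret="constructed-secret-value",
        secret_expires=date(2026, 1, 15),
        today=date(2026, 1, 1),
    )
    for problem in check_handover(**sample) or ["all checks passed"]:
        print(problem)
```

An exact redirect URI match matters because Azure AD rejects the sign-in when the URI Keycloak sends differs from the registered one, including a trailing slash or a different realm name.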

✅ Summary

You’ve now set up a secure, seamless SSO connection between Azure AD and Keycloak using OpenID Connect. This configuration allows users in your Azure AD domain to log into Corti environments without needing separate credentials.

For further assistance, reach out to your Corti implementation representative or support team.
