Configuring Microsoft Azure for enterprise login authentication

Last Updated : Jun 03, 2025 |

About this task

You can configure Microsoft Azure to integrate with CMS to enable enterprise login authentication. You must configure Microsoft Azure to add a single-page application for the CMS Supervisor Web Client. Additionally, you must set the redirect value to match the CMS Supervisor Web Client URL configured on the CMS system.

Note:

The following sample procedure illustrates how to configure Microsoft Azure to enable enterprise login authentication for CMS.

Procedure

  1. Log in to the Microsoft Azure portal.
  2. Perform the steps to register a single-page application (SPA). For more information about registering a single-page application in the Microsoft identity platform, see https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#create-the-app-registration.
    Note:

    When your application registration completes, note the Application (client) ID and Directory (tenant) ID. You require these values later to configure CMS.

  3. Configure the platform settings. This includes setting the Redirect URI to specify where the Microsoft identity platform should redirect the client. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/develop/scenario-spa-app-registration#redirect-uri-msaljs-20-with-auth-code-flow.
    Note:

    • When configuring the single-page application settings, ensure that you specify the redirect URI and front-channel logout URL. These values are required for configuring the CMS login.properties file used for the single-page application. Additionally, ensure that you see the message "Your Redirect URI is eligible for the Authorization Code Flow with PKCE" below the Grant Types section.

    • In the Implicit Grant and Hybrid Flows section, ensure that the check boxes to select tokens are clear.

  4. After completing the platform configuration, ensure that the User.Read permission of type Delegated exists in Azure for the application. You can view the list of API permissions by clicking API permissions in the left menu. If the Admin Consent column indicates No, grant admin consent by clicking Grant admin consent.

Next Steps

You can now proceed with the steps to configure CMS.