This is an old revision of the document!
Table of Contents
Integrating Azure AD with JC360: Setup Guide
| To enable Single Sign-On (SSO) and integrate your Microsoft Entra ID (Azure AD) with our service, please follow the steps below. |
|---|
Collect and Share Your Tenant ID
- Sign in to the Azure Portal – Entra ID Overview (https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview)
- Copy your Tenant ID (Directory ID) – this is a 36-character GUID.
- Send this Tenant ID to our support team at support@jobctrl.com
Step 1: Register a New Application in Microsoft Entra ID
You’ll need to create an App Registration in your Azure portal. This app will act as the identity bridge between your Azure AD and JC360. (help: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)
Step 2: Add the Redirect URI and enable the ID token
You must add a redirect URI to your app registration. This URI depends on your JC360 hosting type:
- Cloud-based environments (hosted by JC360): https://jobctrl.com/Login/AzureADAuthenticate.aspx (or https://br.jobctrl.com/Login/AzureADAuthenticate.aspx)
- On-site (self-hosted) environments: https://jc360.[company-short-name].com/Login/AzureADAuthenticate.aspx
(help: https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-redirect-uri)
Once the URi assignment has been maden, the following one-time configuration is required to enable ID tokens by the authentication endpoints;
Step 3: Generate a Client Secret
In the app registration's “Certificates & secrets” section, generate a client secret. Save this value securely—you'll need to share it with JC360 Support. (help: https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret)
Step 4: Send Required Information to JC360 Support
Please send the following values to JC360 Support Team via email (support@jobctrl.com):
- Application (Client) ID
- Tenant ID
- Client Secret
- User Principal Name (UPN) of the person performing the initial login test
These credentials allow us to configure Azure AD authentication and allow access to your domain.
Step 5: Assign Microsoft Graph Permissions
To enable automatic user synchronization, configure Microsoft Graph API permissions for your app:
- Add Application permissions to read user profiles.
- Grant Admin consent after assigning permissions.
(help: https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#application-permission-to-microsoft-graph , https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-configure-app-access-web-apis#admin-consent-button)