Set Up Azure Account and Register Zone Employee Portal Application

Step 1: Create an Azure Account

(Skip this step if you already have an Azure account.)

1. Go to Azure Portal.

2. Click Create Account, then follow the prompts to set up an account with your email and password.

Step 2: Create a Tenant & Organization

(Skip this if you already have one.)

1. In the Azure Portal, open the menu and go to Active Directory.

2. Click Create tenant.

3. Choose Tenant type: Azure Active Directory.

4. Set the organization name and domain name.

5. Wait for the tenant to be created.

6. Once created, switch to the new tenant in Active Directory if needed.

Step 3: Register Zone Employee Portal as an Application

1. In Azure Portal, ensure you are in the correct tenant.

2. Navigate to App Registrations in the menu.

3. Click New Registration.

4. Choose account type: Single tenant.

5. Set Redirect URI:

   • For global accounts:

      

     https://api.mypay.management/v1/ext-auth-callback

   • For EU-based accounts:

      

     https://api-eu.mypay.management/v1/ext-auth-callback

6. Click Register.

7. In the Overview section, copy and save the Application (Client) ID.

8. Go to Certificates & secrets → New client secret.

9. Create a client secret and save its value for later.

Step 4: Assign Users/Groups to the Application

1. In Azure Portal, go to App Registrations.

2. Click on your registered app under “Managed application in local directory”.

3. Click Assign users and groups.

4. Select the required users and groups.

5. Ensure users have an Email field set.

   • Business organizations usually have this pre-set.

   • Free test Azure AD accounts may not (users invited to test accounts typically do). More info here.

Step 5: Configure Azure Authentication in Zone Employee Portal

Requirements:

• Azure Tenant ID

• Azure Application Client ID

• Azure Application Client Secret

Setup Steps:

1. Log in to Zone Employee Portal as an Admin.

2. Go to Setup → External Authentication Provider.

3. Click Create.

4. Choose a name for the configuration.

5. Set Type to Azure.

6. Set the Redirect URL:

    

   https://login.microsoftonline.com/<your-tenant-id>/oauth2/v2.0/authorize

   (Replace <your-tenant-id> with your actual tenant ID.)

    

7. Enter your Client ID and Client Secret from Azure App Registration.

8. Click Save.

Once saved, a Login URL will be generated. Users must use this URL to authenticate—standard username/password login will not work.

Step 6: Enable Access from Azure

1. In Azure Portal, go to Active Directory → App Registrations.

2. Select Zone Employee Portal.

3. In the menu, go to Branding.

4. Set Home Page URL to the Login URL from Zone Employee Portal’s External Authentication Provider settings.

Final Notes:

• Users logged into Microsoft will now see Zone Employee Portal in their registered applications list.

• Authentication will only work via the Login URL provided in Step 5.