# Advanced configuration options

# Microsoft as an identity provider

If you want to allow users to authenticate with their Microsoft account, use Azure Active Directory (AD) to support it. The following steps assume that you already have access to Azure AD, so they only explain the necessary steps to configure the Signicat Sign Portal.

Administrator access

Only users who have administrator access to the Signicat developer dashboard can configure Azure AD. If you don't have that access but still wish to use Azure AD as an identity provider, get in touch with support at support@signicat.com.

  1. Register a new application in the Azure portal. For further information, refer to the Microsoft documentation. When prompted to add a redirect URI, use this one: https://id-api.idfy.io/oidc/authorize-callback/.
  2. Log in to the Signicat developer dashboard, open your account (under "Management", on the left-hand side), click "Configuration" and, in the "Identity providers" section, find the Microsoft entry and click "Override".
  3. In the "Availability" field, select "Enabled".
  4. In the "Client ID" field, enter your Azure Active Directory client ID.
  5. In the "Client Secret" field, enter the client secret. If you don't have one, or can't remember it, you can create a new one (see this section of the Microsoft documentation).
  6. Fill in the "Discovery Document Endpoint" field with the endpoint to fetch the OIDC metadata document. The endpoint should look like this: https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration. The {tenant} parameter can have several different values; refer to this section of the Microsoft documentation to learn more about these values and decide which one best fits your use case.

[Screenshot: the configuration options related to Microsoft Azure AD]
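A pre-flight check for the value entered in step 6, as an added example that is not Signicat's or Microsoft's code: it validates the shape of the discovery URL, flags the shared tenant aliases (`common`, `organizations`, `consumers`, as listed in Microsoft's documentation) and checks a metadata document against the tenant named in the URL. The function names, the sample GUID and the sample document are constructed for illustration, and the host is assumed to be the one shown in step 6; fetching the live document is left out so the check runs offline.

```python
import re
from urllib.parse import urlsplit

HOST = "login.microsoftonline.com"
SUFFIX = "/v2.0/.well-known/openid-configuration"
SHARED = {"common", "organizations", "consumers"}  # shared aliases from Microsoft's docs
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
DOMAIN = re.compile(r"([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}", re.I)

def check_discovery_url(url):
    """Return (tenant, findings) for a 'Discovery Document Endpoint' value."""
    parts, findings = urlsplit(url.strip()), []
    if parts.scheme != "https" or parts.netloc != HOST:
        findings.append(f"must start with https://{HOST}/")
    if parts.query or parts.fragment or not parts.path.endswith(SUFFIX):
        findings.append(f"must end with {SUFFIX}")
        return None, findings
    tenant = parts.path[1:-len(SUFFIX)]  # text between the host and the fixed suffix
    if tenant in SHARED:
        findings.append(f"'{tenant}' is a shared alias, not limited to your own directory")
    elif not (GUID.fullmatch(tenant) or DOMAIN.fullmatch(tenant)):
        findings.append(f"tenant segment {tenant!r} is not an alias, GUID or domain")
    return tenant, findings

def check_metadata(doc, tenant):
    """Check a fetched metadata document against the tenant taken from the URL."""
    findings, issuer = [], doc.get("issuer", "")
    if not (issuer.startswith(f"https://{HOST}/") and issuer.endswith("/v2.0")):
        findings.append("issuer is not a v2.0 issuer on " + HOST)
    if GUID.fullmatch(tenant or "") and tenant.lower() not in issuer.lower():
        findings.append("issuer does not name the tenant GUID from the URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        target = urlsplit(doc.get(key, ""))
        if target.scheme != "https" or target.netloc != HOST:
            findings.append(f"{key} is missing or not https on {HOST}")
    return findings

# Constructed sample values (the GUID is made up, not a real tenant).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_DOC = {
    "issuer": f"https://{HOST}/{TENANT}/v2.0",
    "authorization_endpoint": f"https://{HOST}/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://{HOST}/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://{HOST}/{TENANT}/discovery/v2.0/keys",
}
if __name__ == "__main__":
    for tenant in (TENANT, "common", "{tenant}"):
        print(tenant, check_discovery_url(f"https://{HOST}/{tenant}{SUFFIX}")[1] or "ok")
    print("metadata:", check_metadata(SAMPLE_DOC, TENANT) or "ok")
```

A finding for a shared alias is a prompt to confirm the choice, not necessarily an error: it means accounts outside your own directory can reach the sign-in.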

# Custom domains

Custom domains are separate add-on options to your paid plan. There are two types: app domain, which refers to the URL of the portal and the email domain that goes with it, and subdomain, which refers to the URL that signers will access to sign the orders that you send them.

To set them up:

  1. If you have not explicitly requested these options when you upgraded to a paid plan, let us know that you would like to use them.
  2. Through your DNS provider, create a CNAME record pointing to the portal domain or subdomain, with your custom domain as the hostname. The process to do that will vary depending on your DNS provider.

Last updated: 3/2/2021, 10:14:15 AM