# Advanced configuration options
# Microsoft as an identity provider (via Azure AD)
If you want to allow users to authenticate with their Microsoft account, use Azure Active Directory (opens new window) (AD) to support it. The following steps assume that you already have access to Azure AD, so they only explain the necessary steps to configure the Signicat Sign Portal.
Only administrators can configure Azure AD as an identity provider.
- Register a new application in the Azure portal. For further information, refer to the Microsoft documentation (opens new window). When prompted to add a redirect URI, use this one:
- Log in to the Sign Portal, click the menu on the top right and go to Settings > Portal.
- Select "Azure Active Directory Login" and fill in the fields that appear with the required information:
- Client ID: enter your Azure Active Directory client ID.
- Client Secret: enter the client secret. If you don't have one, or can't remember it, you can create a new one (see this section (opens new window) of the Microsoft documentation).
- Tenant ID: enter the Tenant ID, which will vary based on your situation. Refer to this section (opens new window) of the Microsoft documentation to learn more about these values and decide which one best fits your use case.
- Click "Save".
- Click "Enable" (at the top of the Azure AD configuration area).
What if I haven't set up Azure AD yet?
In some cases, you may not have an Azure AD configuration. Most likely, for example, you're just trying out the portal. In this case, you can select "Use Signicat's Azure AD client", choose which accounts to allow, and click "Enable". This allows you to get Azure AD up and running for testing without having to use your own configuration yet.
# Custom domains
Custom domains are separate add-on options to your paid plan. There are two types: app domain, which refers to the URL of the portal and the email domain that goes with it, and subdomain, which refers to the URL that signers will access to sign the orders that you send them.
To set them up:
- If you have not explicitly requested these options when you upgraded to a paid plan, let us know that you would like to use them.
- Through your DNS provider, create a CNAME record pointing to the portal domain or subdomain, with your custom domain as the hostname. The process to do that will vary depending on your DNS provider.