With Azure Active Directory (AD) your users will be able to login to Twine with their Active Directory username and password.
Once the user has authorised Twine access to their user's basic profile information they will stay logged in to Twine. Twine will sync Active Directory profile information, profile image, department and office.
To setup Azure AD with Twine, someone familiar with Azure will need to follow this tutorial.
From the Azure portal (https://portal.azure.com/#home)
Create the Azure AD app
Navigate to Azure Active Directory > App Registrations
Create the app by tapping "New registration"
Set "Name" as "Twine" (this will be displayed to users on login)
Set "Application type" as "Web"
Set "Redirect URI" to the login page of your twine e.g. https://<your twine subdomain>.twineapp.com/login/callback/azure
Tap "Register", then make a note of your application (client) ID and Directory (tenant) ID on the next page
Tap "View API Permission" on the current screen
Under the API table, tap "Add API Permission" then scroll to the bottom of the list and tap "Azure Active Directory Graph"
Under the delegated permissions tab, Enable the permissions "Access the directory as the signed-in user" and "Sign in and read user profile"
Tap "Add Permissions"
Then Tap "Certificates and Secrets" from the Settings on the left
Add a "Add new client secret"
Value: This will be revealed when you hit "Save"
Securely copy down the API key for use later
Securely sending Azure AD App settings
Now we'll need to send this information securely to your Twine account manager.
- Navigate to https://onetimesecret.com/
- Paste in the following information: Application (client) ID, Directory (tenant) ID & the Client Secret value from above.
- Set a passphrase
- Let the link expire within a day
- Tap "Create a secret link"
- Copy and paste that link to your Twine account manager in an email directly with the passphrase that they will need.
- They then open it, securely make a note of it. The link and content at that point will expire. They will then RSVP that they have received the information correctly