# Microsoft Azure AD

Curiosity supports Single Sign-On using Microsoft Azure Active Directory (Azure AD).

# Prerequisites

You will need the following information from the Azure Portal:

  • Tenant ID (Directory ID)
  • Client ID (Application ID)
  • Client Secret

# Configuration Steps

# 1. Register an Azure Application

  1. Sign in to the Azure Portal.
  2. Search for and select App registrations.
  3. Click + New registration.
  4. Enter a name (e.g., "Curiosity SSO") and select Accounts in this organizational directory only.
  5. Set the Redirect URI type to Web and enter: {domain}/api/microsoftsso/completed-login-attempt
  6. Click Register.
  7. Note the Application (client) ID and Directory (tenant) ID from the Overview page.

# 2. Generate a Client Secret

  1. In the app registration, go to Certificates & secrets.
  2. Click + New client secret.
  3. Provide a description and choose an expiration period.
  4. Click Add and copy the secret value immediately; it will not be shown again.

# 3. Configure API Permissions

  1. Go to Expose an API and click + Add a scope.
  2. Save the Application ID URI and set a scope name (e.g., "SSO").
  3. Go to Token configuration and click + Add optional claim.
  4. Select ID token type and check email.
  5. When prompted, turn on the Microsoft Graph email permission.

# 4. Enter Details in Curiosity

  1. In Curiosity, go to Manage > Settings > Accounts > Single Sign-On.
  2. Select Microsoft.
  3. Enter the Tenant ID, Client ID, and Client Secret.
  4. Click Save.

# Troubleshooting

  • Ensure the Tenant ID, Client ID, and Client Secret are entered in the correct fields in Curiosity.
  • Verify the Redirect URI matches exactly between Azure and Curiosity.
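
The two checks above can be scripted when a login attempt fails. The following is an added example, not Curiosity's or Microsoft's code: it compares the registered Redirect URI against `{domain}` plus the callback path from step 1, and decodes an ID token (for diagnosis only, without verifying its signature) to confirm the `tid`, `aud` and `email` claims line up with the Tenant ID, Client ID and the optional claim from step 3. The function names, the `curiosity.example.com` host and the GUIDs are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlsplit

# Callback path from the Redirect URI in step 1 of this page.
CALLBACK_PATH = "/api/microsoftsso/completed-login-attempt"

def redirect_uri_problems(registered, domain):
    """Compare the URI registered in Azure with {domain} + callback path."""
    expected = domain.rstrip("/") + CALLBACK_PATH
    if registered == expected:
        return []
    reg, exp = urlsplit(registered), urlsplit(expected)
    problems = []
    if reg.scheme != exp.scheme:
        problems.append("scheme differs")
    if reg.netloc != exp.netloc:
        problems.append("host or port differs")
    if reg.path != exp.path:
        problems.append("path differs (case and trailing slash count)")
    return problems or ["query or fragment differs"]

def id_token_problems(id_token, tenant_id, client_id):
    """Decode an ID token for diagnosis only (no signature check) and test its claims."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("tid is not the configured Tenant ID")
    if claims.get("aud") != client_id:
        problems.append("aud is not the configured Client ID")
    if not claims.get("email"):
        problems.append("email claim missing (optional claim from step 3)")
    return problems

def constructed_token(claims):
    """Build an unsigned, constructed sample token so the example runs offline."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return "e30." + body + ".sig"

if __name__ == "__main__":
    TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
    CLIENT = "00000000-0000-0000-0000-000000000002"  # constructed placeholder
    print(redirect_uri_problems(
        "https://curiosity.example.com/api/microsoftsso/completed-login-attempt/",
        "https://curiosity.example.com"))
    token = constructed_token({"tid": TENANT, "aud": CLIENT})  # no email claim
    print(id_token_problems(token, TENANT, CLIENT))
```

Treat the decoded claims as troubleshooting output only; a token whose signature has not been verified must never be used to make an access decision.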