Azure AD SSO
Azure AD provides secure identity management and single sign-on to applications that you can add to your Azure Active Directory. From Azure AD, you can provision the users who should have access to Paradime, i.e. any user added to your Azure AD application will be able to register / log in to Paradime.
Log into the Azure portal and select the Azure Active Directory page, then choose the relevant directory where you want to register the new application.
On the left panel under Manage, select App registrations
On the top of your screen click on the + New registration button
In the Name field enter Paradime
Under Supported account types, select Accounts in this organizational directory only (single tenant)
From the dropdown, select the Web option, enter the Redirect URI based on your region and click on the Register button.
Region | Redirect URI
eu-central-1 (EU - Frankfurt) | https://auth.paradime.io/login/callback
eu-west-1 (EU - Ireland) | https://auth.paradime.io/login/callback
eu-west-2 (EU - London) | https://auth.paradime.io/login/callback
us-east-1 (US East - N. Virginia) | https://auth.us.paradime.io/login/callback
ap-southeast-1 (Asia Pacific - Singapore) | https://auth.ap.paradime.io/login/callback
ap-southeast-2 (Asia Pacific - Sydney) | https://auth.ap.paradime.io/login/callback
On the left panel under Manage, select API permissions
Click on + Add permissions
Choose Microsoft Graph and select Delegated permissions
Select the permissions as per the table below and click Add permission
API Name | Type | Permission
Microsoft Graph | Delegated | User.Read
Microsoft Graph | Delegated | Directory.Read.All
Microsoft Graph | Delegated | Directory.AccessAsUser.All
Now click on Grant admin consent to complete configuring the permissions required. You should see the Status column with a ✅ for the 3 permissions just granted.
Now that you registered the application and granted the appropriate API permissions, you will want to assign the list of users that you want to enable to register / login to Paradime.
Navigate back to the Azure Active Directory where you created the new application and from the left panel select Enterprise Applications
From the list, select the application you just created
In the left panel now select Users and groups
Click on + Add user/group and assign from your list the users/group you want to enable to register / login into Paradime
Now that the app is configured with the required API permissions and users have been added to our Paradime enterprise application, we will need to generate a Client secret and collect the Client ID and Azure AD primary domain.
To find the Azure AD domain, navigate to your Azure Directory home screen. You will find the Primary domain in the Basic information section.
To find your Client ID, on the left panel under Manage, select App registrations
Select the application you created in the previous steps and, on the Overview page, copy the Application (client) ID
Under Manage, click Certificates & secrets
Click +New client secret
Name the client secret "paradime" (or similar) to identify the secret
Select 730 days (24 months) as the expiration value for this secret (recommended)
Click Add to finish creating the client secret value (not the client secret ID)
Record the generated client secret somewhere safe. Later in the setup process, we'll use this client secret in dbt Cloud™️ to finish configuring the integration.
Contact the Paradime Support team at support@paradime.io and share the following information:
Your Microsoft Azure AD Domain
Client ID
Client Secret
Paradime Support will process your request. After receiving a confirmation email, you can start logging into Paradime, and only users in your Azure AD will be able to log in to your account in Paradime using SSO.
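The following check is an added example, not part of the Paradime documentation or tooling: it compares an app registration, given as a Microsoft Graph application object, against the settings described above (single tenant, regional Redirect URI, exactly the three delegated permissions, secret lifetime of at most 730 days). The function name audit and the sample data are assumptions made for illustration, and the scope GUIDs are the delegated permission IDs published for Microsoft Graph, which you should confirm in your own tenant.

```python
from datetime import datetime

GRAPH = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource appId
# Delegated scope IDs as published for Microsoft Graph (verify in your tenant).
EXPECTED = {
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
    "06da0dbc-49e2-44d2-8312-53f166ab848a": "Directory.Read.All",
    "0e263e50-5827-48a4-b97c-d940288653c7": "Directory.AccessAsUser.All",
}
CALLBACKS = {  # region prefix -> Redirect URI, from the table on this page
    "eu": "https://auth.paradime.io/login/callback",
    "us": "https://auth.us.paradime.io/login/callback",
    "ap": "https://auth.ap.paradime.io/login/callback",
}
MAX_SECRET_DAYS = 730  # expiration recommended on this page

def _ts(value):
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")

def audit(app, region):
    """Return a list of deviations from the registration described above."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not single tenant")
    uris = app.get("web", {}).get("redirectUris", [])
    if uris != [CALLBACKS[region.split("-")[0]]]:
        findings.append(f"unexpected redirect URIs: {uris}")
    granted = {(r["resourceAppId"], a["id"], a["type"])
               for r in app.get("requiredResourceAccess", [])
               for a in r["resourceAccess"]}
    wanted = {(GRAPH, scope_id, "Scope") for scope_id in EXPECTED}
    findings += [f"extra permission: {i} ({t})" for _, i, t in sorted(granted - wanted)]
    findings += [f"missing permission: {EXPECTED[i]}" for _, i, _ in sorted(wanted - granted)]
    for cred in app.get("passwordCredentials", []):
        days = (_ts(cred["endDateTime"]) - _ts(cred["startDateTime"])).days
        if days > MAX_SECRET_DAYS:
            findings.append(f"secret {cred.get('displayName')!r} valid {days} days")
    return findings

# Constructed sample shaped like a Microsoft Graph application object.
SAMPLE = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["https://auth.us.paradime.io/login/callback"]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": scope_id, "type": "Scope"} for scope_id in EXPECTED]}],
    "passwordCredentials": [{"displayName": "paradime",
        "startDateTime": "2024-01-01T00:00:00Z", "endDateTime": "2025-12-31T00:00:00Z"}],
}
```

An empty list from audit(SAMPLE, "us-east-1") means the registration matches the documented setup. The same function can be run on the JSON that az ad app show --id <client-id> prints for the real registration.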