# Azure AD as an OAuth 2.0 External Identity Provider

> Configure Azure Active Directory (Azure AD) as an OAuth 2.0 External Identity Provider for ABBYY Vantage: register the app, set claims, and link the tenant.

## Prerequisites

Before configuring Azure Active Directory to be used as an External Identity Provider, create an application registration. Registering your application establishes a trust relationship between your application and the External Identity Provider.

To create the application, follow these steps:

<Steps>
  <Step title="Open the Azure Portal">
    Go to [Azure Portal](https://portal.azure.com/) and sign in. In the pane on the left, select **Azure Active Directory**.
  </Step>

  <Step title="Open App registrations">
    In the pane on the right, select **App registrations** and click **New registration**.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_azuread_1.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=516dc38daf0522bc12250b5f5a8cc010" alt="Azure AD App registrations pane with the New registration button highlighted" width="1880" height="840" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_azuread_1.png" />
    </Frame>
  </Step>

  <Step title="Fill in the registration form">
    Specify the following:

    * **Name** — a name for the application.
    * **Supported account types** — select **Accounts in this organizational directory only (ABBYY only - Single tenant)**.
    * **Redirect URI** — for each Vantage URL that should authenticate using this account, enter `https://<your-vantage-url>/auth2/signin-oidc`.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_azuread_5.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=555f69b01ed5eb5abd3683cb079c4c50" alt="Azure AD application registration form with name, supported account types, and redirect URI fields" width="624" height="557" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_azuread_5.png" />
    </Frame>
  </Step>

  <Step title="Register the application">
    Click **Register**.
  </Step>
</Steps>

This completes the registration of your application in Azure Active Directory. Next, set up Azure Active Directory to be used as an External Identity Provider.

## Set up Azure Active Directory

To set up Azure Active Directory, follow these steps:

<Steps>
  <Step title="Open the application Overview page">
    On the **Overview** page of your application, save the values of **Application ID URI** and **Directory (tenant) ID**, then click the value of **Redirect URIs**.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_azuread_3.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=d5ceda3161250edfe3d970094995ab33" alt="Azure AD Overview page showing Application ID URI, Directory tenant ID, and Redirect URIs values for the registered application" width="1235" height="296" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_azuread_3.png" />
    </Frame>
  </Step>

  <Step title="Configure tokens">
    Select **Access tokens** and **ID tokens**, then click **Save**.

    <Frame>
      <img src="https://mintcdn.com/abbyy/jZX7kaKQgdxaDiIT/images/vantage/tenant-admin/sysadmin_identityprovider_azuread_4.png?fit=max&auto=format&n=jZX7kaKQgdxaDiIT&q=85&s=60616e66cebb2cc7c456043654b1d24d" alt="Azure AD token configuration with Access tokens and ID tokens checkboxes selected" width="916" height="261" data-path="images/vantage/tenant-admin/sysadmin_identityprovider_azuread_4.png" />
    </Frame>
  </Step>
</Steps>

## Next steps

Once Azure AD is configured, connect it to your Vantage tenant. You'll need:

* The **Application (Client) ID** (from step 1 of **Set up Azure Active Directory** above).
* The Azure AD URL in the format `https://login.microsoftonline.com/<Directory-tenant-ID>`.

For the Vantage-side setup, see [Setting up an External Identity Provider for a tenant](/vantage/documentation/tenant-admin/tenant-management/configuring-tenant).
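
A pre-flight check of the values collected in this procedure, before they are entered on the Vantage side. This is an added example, not ABBYY or Microsoft code: the function name `check_idp_values`, the sample IDs, and the host `vantage.example.com` are constructed, and it assumes the client ID and tenant ID are GUIDs as Azure AD issues them.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
AUTHORITY_HOST = "login.microsoftonline.com"
CALLBACK_PATH = "/auth2/signin-oidc"  # redirect path given in the registration step


def check_idp_values(client_id, authority_url, redirect_uris):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []

    # The client ID is a GUID; an Application ID URI (api://...) is a different value.
    if not GUID.fullmatch(client_id):
        problems.append("client_id is not a GUID")

    # Single-tenant registration: the authority must name one tenant by its ID,
    # with nothing after it (no /v2.0 suffix, no 'common' or 'organizations').
    auth = urlsplit(authority_url)
    if auth.scheme != "https" or auth.hostname != AUTHORITY_HOST:
        problems.append(f"authority must be https://{AUTHORITY_HOST}/<Directory-tenant-ID>")
    elif not GUID.fullmatch(auth.path.strip("/")) or auth.query or auth.fragment:
        problems.append("authority path is not a Directory (tenant) ID")

    # Each redirect URI must be an exact https URL ending in the Vantage callback path.
    for uri in redirect_uris:
        u = urlsplit(uri)
        if u.scheme != "https":
            problems.append(f"{uri}: redirect URI must use https")
        if not u.hostname or "*" in u.netloc or u.username:
            problems.append(f"{uri}: host must be one explicit Vantage host")
        if u.path != CALLBACK_PATH or u.query or u.fragment:
            problems.append(f"{uri}: path must be exactly {CALLBACK_PATH}")
    return problems


# Constructed sample values, not real identifiers.
SAMPLE_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_AUTHORITY = "https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_REDIRECTS = ["https://vantage.example.com/auth2/signin-oidc"]

if __name__ == "__main__":
    for problem in check_idp_values(SAMPLE_CLIENT_ID, SAMPLE_AUTHORITY, SAMPLE_REDIRECTS):
        print("PROBLEM:", problem)
```
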

## Related topics

<CardGroup cols={2}>
  <Card title="Configuring an OAuth 2.0 External Identity Provider" icon="key" href="/vantage/documentation/tenant-admin/tenant-management/oauth-2-0">
    Overview of OAuth 2.0 setup for AD FS or Azure AD
  </Card>

  <Card title="Active Directory as an OAuth 2.0 External Identity Provider" icon="shield-halved" href="/vantage/documentation/tenant-admin/tenant-management/oauth-2-0-active-directory">
    Configure on-premises AD FS instead of Azure AD
  </Card>

  <Card title="Setting up an External Identity Provider for a tenant" icon="sliders" href="/vantage/documentation/tenant-admin/tenant-management/configuring-tenant">
    Connect Azure AD to your Vantage tenant
  </Card>

  <Card title="Testing external authentication" icon="vial" href="/vantage/documentation/tenant-admin/tenant-management/testing-external-auth">
    Verify the External Identity Provider before users sign in
  </Card>
</CardGroup>
