Register PCS AIM server as an application in Azure Active Directory
Last Updated: Feb 20, 2023
As a system administrator in an organization, you need to register AIM into Azure Active Directory as an application.
The following steps assume that the customer already has an account in Microsoft Azure Active Directory:
- Log in to https://portal.azure.com. This brings you to the home page of Azure Active Directory.
- Select Manage Azure Active Directory.
  If necessary, create or switch tenant, depending on where the end user's Microsoft account is.
- From the Overview page, add Application registration.
- Enter the Name and account type, leave the Redirect URI (optional) empty, and then register.
- After the application is created, select Add a Redirect URI.
- Select Add a platform, and in the Configure platforms window, select Web.
- In the Configure Web window, set the Redirect URIs as below:
  https://{FQDN}/identitymanager/signin-azuread or (+ https://localhost/identitymanager/signin-azuread).
  Note: Redirect URIs are case-sensitive, so be sure to match the AIM server URI setting of the AVEVA applications.
- Allow the application to generate ID tokens. From Manage, select Authentication, and then select the Access Tokens and ID Tokens checkboxes under Implicit grant.
- To add the groups claim as an optional claim, select Token Configuration, then Add optional claims, then Add groups claim, and Save.
  To get the Roles claims, see Set the Azure Active Directory for role enumeration.
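The following check is an added example, not part of the original procedure or of any AVEVA tooling: it audits an exported app registration against the steps above (exact-case redirect URI, both implicit grant checkboxes, groups claim). It assumes the registration is available as a Microsoft Graph application object in JSON, such as the output of `az ad app show --id <app-id>`; the function name, the FQDN `aim.example.com` and the sample object are constructed for illustration.

```python
import json

# Constructed sample: a trimmed Microsoft Graph application object with two
# deliberate mistakes (mixed-case redirect path, ID tokens not enabled).
SAMPLE_APP = json.loads("""
{
  "displayName": "PCS AIM (example)",
  "groupMembershipClaims": "SecurityGroup",
  "web": {
    "redirectUris": ["https://aim.example.com/IdentityManager/signin-azuread"],
    "implicitGrantSettings": {
      "enableAccessTokenIssuance": true,
      "enableIdTokenIssuance": false
    }
  }
}
""")

def check_registration(app, fqdn):
    """Return a list of findings; an empty list means the steps are satisfied."""
    findings = []
    # Assumption: the AIM server uses the lower-case path shown in the steps.
    expected = f"https://{fqdn}/identitymanager/signin-azuread"
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if expected not in uris:
        # Separate a case-only mismatch from a missing URI: redirect URIs are
        # compared case-sensitively, so the first one looks right but fails.
        near = [u for u in uris if u.lower() == expected.lower()]
        if near:
            findings.append(f"redirect URI differs only in case: {near[0]}")
        else:
            findings.append(f"redirect URI missing: {expected}")
    grant = web.get("implicitGrantSettings") or {}
    for key, label in (("enableAccessTokenIssuance", "Access tokens"),
                       ("enableIdTokenIssuance", "ID tokens")):
        if not grant.get(key):
            findings.append(f"implicit grant: {label} checkbox is not selected")
    # groupMembershipClaims is null or "None" until a groups claim is added.
    if (app.get("groupMembershipClaims") or "None") == "None":
        findings.append("groups claim is not configured")
    return findings

if __name__ == "__main__":
    for finding in check_registration(SAMPLE_APP, "aim.example.com"):
        print("FAIL:", finding)
```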