Azure AD Authentication Integration
Edition: SaaS Enterprise
Guide objective:
Follow this guide to configure Azure AD authentication for Agile Data Engine.
Prerequisites
To enable authentication to Agile Data Engine with your Azure Active Directory (AAD) tenant, you will need:
Agile Data Engine SaaS Enterprise edition (or higher)
One of the following roles on your AAD tenant to add and configure an enterprise application:
Global Administrator
Cloud Application Administrator
Application Administrator
At the moment it is not possible to fully complete setting up the integration without contacting Agile Data Engine support. Follow this guide to create and configure an enterprise application in your AAD tenant. After completing the configuration, provide the instructed details to Agile Data Engine support.
Create an enterprise application
Navigate to Azure Portal and to your Azure Active Directory tenant.
In Enterprise applications click New application and select Create your own application.
Name your application (e.g. Agile Data Engine), select Integrate any other application you don't find in the gallery (Non-gallery) and click Create.
Configure redirect URLs
Navigate back to your AAD tenant and click App registrations.
Find the application you created, open it and click Authentication.
Set Redirect URIs for all environments in the following format:
https://external.{ENVIRONMENT}.datahub.{TENANT}.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
Tenant name is part of the URL of your Agile Data Engine account. Environment names are listed in the Designer front page under Environments.
For example:
https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
https://external.dev.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
https://external.test.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
https://external.prod.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/broker/ad/endpoint
Set Front-channel logout URL in the following format:
https://external.design.datahub.{TENANT}.saas.agiledataengine.com/authenticator/realms/ade/protocol/openid-connect/logout
For example:
https://external.design.datahub.s1234567.saas.agiledataengine.com/authenticator/realms/ade/protocol/openid-connect/logout
Create an application client secret
In Certificates & secrets click New client secret.
Set an appropriate expiry time and click Add. Store the secret value securely and prepare to share it with Agile Data Engine support.
Take note of the expiry date and always plan ahead to update the secret in time.
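One way to keep track of the expiry date is to check the application's secrets on a schedule. The following is an added example, not part of the original guide or Agile Data Engine's tooling: it flags secrets that are expired or close to expiry. It assumes the input is a JSON list with the Microsoft Graph passwordCredential fields keyId, displayName and endDateTime (for instance as printed by `az ad app credential list --id <application-id>`); the sample data, function names and the 30-day window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the passwordCredentials entries Microsoft
# Graph returns for an app registration (keyId, displayName, endDateTime).
SAMPLE_CREDENTIALS = json.dumps([
    {"keyId": "00000000-0000-0000-0000-000000000001",
     "displayName": "ade-secret-a", "endDateTime": "2024-01-15T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002",
     "displayName": "ade-secret-b", "endDateTime": "2024-03-20T09:30:00.1234567Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003",
     "displayName": "ade-secret-c", "endDateTime": "2025-02-01T00:00:00+00:00"},
])

_TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)")
def parse_timestamp(value):
    """Parse ISO 8601 to aware UTC; accepts 'Z' and 7-digit fractions."""
    match = _TS.fullmatch(value)
    if not match:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, frac, zone = match.groups()
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    parsed = parsed.replace(microsecond=int((frac or "0")[:6].ljust(6, "0")))
    offset = timedelta(0)
    if zone != "Z":
        sign = -1 if zone[0] == "-" else 1
        offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    return parsed.replace(tzinfo=timezone(offset)).astimezone(timezone.utc)

def secrets_needing_rotation(credentials_json, now, warn_days=30):
    """Return (status, days_left, displayName, keyId), soonest expiry first,
    for secrets already expired or expiring within warn_days of `now`."""
    findings = []
    for cred in json.loads(credentials_json):
        end = parse_timestamp(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            continue
        findings.append((end, status, (end - now).days,
                         cred.get("displayName") or "(unnamed)", cred["keyId"]))
    return [row[1:] for row in sorted(findings)]

if __name__ == "__main__":
    for row in secrets_needing_rotation(SAMPLE_CREDENTIALS, datetime.now(timezone.utc)):
        print(*row)
```

Only the key ID, description and expiry are needed for this check; the secret value itself is never read.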
Token configuration
In Token configuration click Add optional claim, select token type ID, select claim upn, click Add.
Check the box Turn on the Microsoft Graph profile permission in the dialog and click Add.
Share details with Agile Data Engine support
Share the following details securely with Agile Data Engine support:
Application (client) ID
OAuth 2.0 token endpoint (v1)
OAuth 2.0 authorization endpoint (v1)
Client secret
You will find these details on the Overview and Endpoints tabs.

Client secret values are only shown immediately after creation. If you did not store the secret, you can always create another one.
After the support team has configured your account for AAD authentication, users can access Agile Data Engine with their AAD accounts.
Add users
Navigate to Enterprise applications in your AAD tenant and select the application you created for Agile Data Engine.
Open the Users and groups tab.
Click Add user/group to add individual users and/or security groups to the application.
Log in with AAD
After the configuration is complete, navigate to your Agile Data Engine account and select Continue with ad.
Log in with your AAD account.