

To complete the set up of SSO authentication using the Azure AD provider, you need:
For more information, see Custodian Portal Authentication Provider.
Portal SSO authentication requires a reference to a dedicate Azure application that has the appropriate permission. This needs to be done on the client side by an Azure user with sufficient rights.
Register the Relativity application to gain access to Microsoft Azure AD. Access to Azure AD gives Relativity the ability to complete multiple tasks.
Start registering your app by following the steps below:
Note: The application registration process needs to be done by an Azure Administrator with sufficient privileges.
A client secret from Microsoft Azure AD is needed to integrate Microsoft and Relativity.
To create a client secret:
In the left-navigation menu, click Certificates & secrets.
Navigate to the Client secrets tab.
Click the New Client Secret button.
Note: Do not navigate away from the page once the client secret is created.
Populate the Description and Expires fields. You can leave the default, or recommended, values.
Click the Add button.
If the client secret was successfully created, you will see the Client Secret displayed on the table and the Value field should be displayed in plain text.
Copy the Value field and store it safely.
If you leave the page and comeback to get the value the Value field will be masked and you will not be able to copy it
You can repeat steps 4-5 to generate a new client secret.
Open the application to view the application's homepage. From the app's page, add permissions to the web API.
To add permissions:
At this point the Application should be full configured. It can take a few minutes to update
Continue adding the Azure AD application by navigating to the Custodian Portal Authentication Provider tab located within the Hold Admin tab.
Do the following on the Custodian Portal Authentication Provider tab:
Note: The TenantID is unique identifier (Guid) of your Azure tenant (domain). The Directory (tenant) ID on the App Overview page in the Azure Portal. This information can be provided by your Azure admin.
You will use the copied Authority Redirect URL from the Custodian Portal Authentication Provider tab in the previous section in this section. Navigate back to the newly created application in Azure Portal window.
In Azure Portal, navigate to the Overview page for the application being used for the integration and follow the steps below.
Using the left navigation column, click into the Authentication page.
Click the Add a platform button.
Click the Web drop-down text.
Paste over the Redirect URL you generated earlier.
Click the Configure button.
For more information on adding a redirect URL to Azure, see Microsoft’s documentation.
Note: It can take up to 10 minutes until the Custodian Portal Authentication Provider settings to go into effect. To speed up the update, you will need to create/modify Instance setting with a shorter time rate refresh.
Follow the steps below to enable ID tokens for the Azure application for Custodian Portal SSO.
In the left-navigation menu, select Authentication.
Scroll to Implicit grant and hybrid flows section.
Check the ID Tokens (used for implicit and hybrid flow) box.
Click Save.
If unsure about what to put under the Subject Claim Type and Claim ID Verification Field columns in SSO setup, you will need to use the Troubleshoot Claims option.
On this page
Why was this not helpful?
Check one that applies.
Thank you for your feedback.
Want to tell us more?
Great!