Azure SSO and Certificates

I am setting up Azure AD SSO for several reasons, as we are getting ready for 2022.2+.

My boss asked me to ask about this part (pic below) - the “certificates” and “secrets” section. Does anyone use this? @Mark_Wonsil ?

It’s over my head; this is all foreign to me. But my boss has lots of experience with Azure (he set it up here, for example) and in previous jobs, he was accustomed to setting up this section.

Epicor’s guides don’t mention it, but I get it, that’s not necessarily their purpose.

[Edit: to clarify, I do have Azure SSO working just fine. This isn’t a setup troubleshoot. I’m asking for opinions.]

Jason,
I haven’t used this for SSO, but I have used it for SharePoint integration.

Use Certificate Maintenance in Epicor to either upload an existing certificate or generate a new, self-signed one, then upload that to Azure.

This article (you’ll need to be authenticated) has links to all of the sections you should need: https://kinetichelp222.epicor.com/hc/en-us/articles/9682968520973-Understanding-Azure-AD-Authentication

Interesting - I didn’t know they had an article on this.

So, I found it by searching "Understanding Azure AD Authentication." The link does not work, even when I am logged into Kinetic 2022.2.

Maybe if I open any help article, then click your link. :man_shrugging:

Well, I take that back. This is just the same info as is in the ERP install guide. They just gave it a different name:

The certificate here is for when this application wants to authenticate to another service using Public Key Cryptography. It is not required for Azure AD/Entra authentication to Kinetic.

More info here:

If you want to get into the weeds of how to use a certificate to authenticate to other services…

3 Likes
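What the two credential types in that section do when an app registration authenticates to another service, as an added example that is not part of the thread and not Epicor's or Microsoft's code: the OAuth 2.0 client-credentials token request built once with a secret and once with a certificate-signed assertion. The tenant and client IDs, the key pair, the placeholder certificate bytes and the Microsoft Graph scope are constructed assumptions.

```javascript
// Added example: client secret vs. certificate credential in a token request.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Constructed stand-ins: throwaway key pair and placeholder certificate bytes.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const certDer = Buffer.from('constructed-placeholder-for-DER-certificate');

// Hypothetical tenant and application (client) IDs.
const TENANT = '00000000-0000-0000-0000-000000000000';
const CLIENT_ID = '11111111-1111-1111-1111-111111111111';
const TOKEN_URL = `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token`;

// Build the signed JWT the app presents instead of a secret.
function buildClientAssertion(key, now = Math.floor(Date.now() / 1000)) {
  const header = {
    alg: 'RS256', typ: 'JWT',
    x5t: b64url(crypto.createHash('sha1').update(certDer).digest()), // cert thumbprint
  };
  const claims = {
    aud: TOKEN_URL, iss: CLIENT_ID, sub: CLIENT_ID,
    jti: crypto.randomUUID(), nbf: now, exp: now + 300, // short-lived assertion
  };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), key); // RSASSA-PKCS1-v1_5
  return `${signingInput}.${b64url(sig)}`;
}

// Token request body for either credential type.
function tokenRequestBody(credential) {
  const body = new URLSearchParams({
    client_id: CLIENT_ID, grant_type: 'client_credentials',
    scope: 'https://graph.microsoft.com/.default',
  });
  if (credential.secret) {
    body.set('client_secret', credential.secret); // the secret itself is transmitted
  } else {
    body.set('client_assertion_type', 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer');
    body.set('client_assertion', buildClientAssertion(credential.key)); // only a signature leaves
  }
  return body;
}

// What the receiving side does with the public key from the uploaded certificate.
function verifyAssertion(jwt, pub) {
  const [h, c, s] = jwt.split('.');
  return crypto.verify('sha256', Buffer.from(`${h}.${c}`), pub, Buffer.from(s, 'base64url'));
}
```

With the certificate credential the private key stays on the server that holds it, while a client secret is sent in every token request and has to be stored wherever the app runs.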

Perfect, thank you.

I see the :heart: from @Olga so that’s a bonus approval to this answer. :slightly_smiling_face:

2 Likes

Example when we use certs - SharePoint attachments, when attached from server.
Example when we use secret - O365 Emails settings

1 Like