Set up Microsoft as an identity provider

Last updated on February 12, 2024

Overview

This guide helps you connect Microsoft Accounts to the AccelByte Gaming Services (AGS) Admin Portal. You may need to set up additional features within Microsoft Azure services which aren't listed here. For full information about setting up Microsoft Azure services, we recommend contacting your Microsoft representative and reviewing Microsoft Azure documentation directly.

Goals

Enable the Microsoft authentication method for your Admin Portal website.

Prerequisites

• A Microsoft Azure Active Directory account with permission to create the Enterprise Application Microsoft Azure Active Directory.
• An AccelByte Admin Portal Account to set up authentication and manage permissions.

Set up Microsoft Azure

Create an enterprise application

Create an enterprise application (non-gallery application) under your Azure Active Directory. Follow the Add an enterprise application Guide and Create your own application.

Set up SAML single sign-on

Set up SAML single sign-on for your enterprise application. Follow the Enable single sign-on for an enterprise application Guide

note

Contact Customer Support to get the guide from AccelByte if you have trouble setting up on Microsoft Azure.

Set up an Admin web login for Microsoft Azure

Configuration steps

1. Log in to the AccelByte Admin portal, use your Publisher Namespace, and click Login Methods below the User Management sidebar. Next, click + Add New.

   

2. Click on Microsoft.

   

3. Fill in the credentials from the Microsoft Azure Portal and click Create.

   

note

* App ID is your "Identifier (Entity ID)" from the "Basic SAML Configuration" section in the "Set up Single Sign-On with SAML. \
Note: "Since we are using a non-URI format when setting up the Azure Application SAML, once you create the configuration it automatically adds an “spn:” prefix to your App ID (see point number four below).
* ACS URL is your "Reply URL (Assertion Consumer Service URL)" from the "Basic SAML Configuration" section in  "Set up Single Sign-On with SAML".
* Federation Metadata URL is "App Federation Metadata Url" from "SAML Certificates" section in the "Set up Single Sign-On with SAML"

4. The system redirects you to the detail page; activate and use it.

   

Log in to the Admin Portal with Microsoft account credentials

Once you're set up on Azure's Portal Partner and AccelByte's Admin Portal, you can test logging users in to AccelByte.

1. Go to your Admin Portal and log in with Microsoft (click the Microsoft logo).

   

2. Type your Microsoft account credentials as a registered user of Azure Enterprise.

   

3. The account gets a 403 error when users log in in for the first time. The user should contact the Admin Portal administrator and ask for a Super Admin or Game Admin role to enable logging in to the Admin Portal.

   

4. The user should retry logging in after they get a Super Admin or Game Admin role.

   

Giving role to new user of Admin Portal

1. Open the account overview.

   

2. Select the Roles tab, then + Add role.

   

3. Assign an Admin Portal role.

   

4. Here is an example showing a user assigned a new role: