Set up Microsoft as an identity provider
Overview
This guide helps you connect Microsoft Accounts to the AccelByte Gaming Services (AGS) Admin Portal. You may need to set up additional features within Microsoft Azure services which aren't listed here. For full information about setting up Microsoft Azure services, we recommend contacting your Microsoft representative and reviewing Microsoft Azure documentation directly.
Goals
Enable the Microsoft authentication method for your Admin Portal website.
Prerequisites
- A Microsoft Azure Active Directory account with permission to create an enterprise application in Microsoft Azure Active Directory.
- An AccelByte Admin Portal Account to set up authentication and manage permissions.
Set up Microsoft Azure
Create an enterprise application
Create an enterprise application (non-gallery application) under your Azure Active Directory. Follow the Add an enterprise application Guide and Create your own application.
Set up SAML single sign-on
Set up SAML single sign-on for your enterprise application. Follow the Enable single sign-on for an enterprise application guide.
Contact Customer Support to get the guide from AccelByte if you have trouble setting up on Microsoft Azure.
Set up an Admin web login for Microsoft Azure
Configuration steps
In the AGS Admin portal, go to your publisher namespace.
On the sidebar menu, go to Game Setup > 3rd Party Configuration > Auth & Account Linking.
On the Login Methods page, click on the + Add New button.
From the list of login method options, select Microsoft.
Fill in the credentials from the Microsoft Azure Portal and click Create.
Note:
- App ID is your ID (Entity ID) from the Basic SAML Configuration section in Set up Single Sign-On with SAML. Since we are using a non-URI format when setting up the Azure Application SAML, once you create the configuration it automatically adds an spn: prefix to your App ID (see point number four below).
- ACS URL is your Reply URL (Assertion Consumer Service URL) from the Basic SAML Configuration section in Set up Single Sign-On with SAML.
- Federation Metadata URL is the "App Federation Metadata URL" from the SAML Certificates section in Set up Single Sign-On with SAML.
The system redirects you to the detail page; activate and use it.
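As an added example (not AccelByte's or Microsoft's code), this Python helper checks a decoded SAML assertion captured during a test login against the App ID and ACS URL entered above, applying the spn: prefix rule from the note. The sample assertion, the GUID and the example.test URL are constructed, and it is assumed that Azure sends the spn:-prefixed App ID as the Audience and the ACS URL as the Recipient.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned assertion with placeholder values.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="https://admin.example.test/saml/acs"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>spn:11111111-2222-3333-4444-555555555555</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""


def expected_audience(app_id: str) -> str:
    """Apply the note's rule: a non-URI App ID is stored with an spn: prefix.

    Assumption: "non-URI" means the value has no scheme (for example a bare GUID).
    """
    return app_id if urlparse(app_id).scheme else "spn:" + app_id


def check_assertion(xml_text: str, app_id: str, acs_url: str) -> list[str]:
    """Return mismatches between an assertion and the configured values.

    Diagnostic only: the XML signature is not verified, so this must never
    be used as an authentication decision. Run it on your own test captures.
    """
    root = ET.fromstring(xml_text)
    problems = []
    want = expected_audience(app_id)
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if want not in audiences:
        problems.append(f"Audience {audiences} does not contain {want!r}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match ACS URL {acs_url!r}")
    if urlparse(acs_url).scheme != "https":
        problems.append("ACS URL is not HTTPS")
    return problems


if __name__ == "__main__":
    app_id = "11111111-2222-3333-4444-555555555555"  # constructed placeholder
    print(check_assertion(SAMPLE, app_id, "https://admin.example.test/saml/acs") or "OK")
```

An empty result means the Audience and Recipient in the capture line up with the App ID and ACS URL in the login method configuration.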
Log in to the Admin Portal with Microsoft account credentials
Once you're set up on Azure's Portal Partner and AccelByte's Admin Portal, you can test logging users in to AccelByte.
Go to your Admin Portal and log in with Microsoft (click the Microsoft logo).
Type your Microsoft account credentials as a registered user of Azure Enterprise.
The account gets a 403 error when the user logs in for the first time. The user should contact the Admin Portal administrator and ask for a Super Admin or Game Admin role to enable logging in to the Admin Portal.
The user should retry logging in after they get a Super Admin or Game Admin role.
Assign role to new Admin Portal users
In the AGS Admin portal, go to your publisher namespace.
On the sidebar menu, go to Admin Task > Admin Management.
Find the user with the role you want to update and click on their corresponding View option to open their details page.
Select the Roles tab, then click on + Add role.
From the dropdown, select an Admin Portal role.
Here is an example showing a user assigned a new role: