Skip to main content

Set up Microsoft as an identity provider

Last updated on October 24, 2024

Overview

This guide helps you connect Microsoft Accounts to the AccelByte Gaming Services (AGS) Admin Portal. You may need to set up additional features within Microsoft Azure services which aren't listed here. For full information about setting up Microsoft Azure services, we recommend contacting your Microsoft representative and reviewing Microsoft Azure documentation directly.

Goals

Enable the Microsoft authentication method for your Admin Portal website.

Prerequisites

  • A Microsoft Azure Active Directory account with permission to create the Enterprise Application Microsoft Azure Active Directory.
  • An AccelByte Admin Portal Account to set up authentication and manage permissions.

Set up Microsoft Azure

Create an enterprise application

Create an enterprise application (non-gallery application) under your Azure Active Directory. Follow the Add an enterprise application Guide and Create your own application.

Set up SAML single sign-on

Set up SAML single sign-on for your enterprise application. Follow the Enable single sign-on for an enterprise application Guide

note

Contact Customer Support to get the guide from AccelByte if you have trouble setting up on Microsoft Azure.

Set up an Admin web login for Microsoft Azure

Configuration steps

  1. In the AGS Admin portal, go to your publisher namespace.

  2. On the sidebar menu, go to Game Setup > 3rd Party Configuration > Auth & Account Linking.

  3. On the Login Methods page, click on the + Add New button.

    AccelByte Admin Portal Login

  4. From the list of login method options, select Microsoft.

    Microsoft

  5. Fill in the credentials from the Microsoft Azure Portal and click Create.

    Microsoft Create Configuration

    note
    • App ID is your ID (Entity ID) from the Basic SAML Configuration section in the Set up Single Sign-On with SAML. Since we are using a non-URI format when setting up the Azure Application SAML, once you create the configuration it automatically adds an spn: prefix to your App ID (see point number four below).
    • ACS URL is your Reply URL (Assertion Consumer Service URL) from the Basic SAML Configuration section in Set up Single Sign-On with SAML.
    • Federation Metadata URL is the "App Federation Metadata URL" from the SAML Certificates section in the Set up Single Sign-On with SAML/
  6. The system redirects you to the detail page; activate and use it.

    Activate Microsoft

Log in to the Admin Portal with Microsoft account credentials

Once you're set up on Azure's Portal Partner and AccelByte's Admin Portal, you can test logging users in to AccelByte.

  1. Go to your Admin Portal and log in with Microsoft (click the Microsoft logo).

    Admin Portal Login

  2. Type your Microsoft account credentials as a registered user of Azure Enterprise.

    Microsoft Login

  3. The account gets a 403 error when users log in in for the first time. The user should contact the Admin Portal administrator and ask for a Super Admin or Game Admin role to enable logging in to the Admin Portal.

    Admin Portal First Login

  4. The user should retry logging in after they get a Super Admin or Game Admin role.

    Admin Portal Login

Assign role to new Admin Portal users

  1. In the AGS Admin portal, go to your publisher namespace.

  2. On the sidebar menu, go to Admin Task > Admin Management.

  3. Find the user with the role you want to update and click on their corresponding View option to open their details page.

    Admin Portal Account Overview

  4. Select the Roles tab, then click on + Add role.

    Admin Portal Account Roles Tab

  5. From the dropdown, select an Admin Portal role.

    Admin Portal Account Roles Tab

    Here is an example showing a user assigned a new role:

    Admin Portal Roles List