This configuration example was tested with Ubisecure SSO 8.6 and an Azure AD Free license in Feb 2021.

Ubisecure Identity Platform can be configured to use external Identity Providers for user authentication. The prerequisite is that the Identity Provider implements one of the protocols supported by Ubisecure Identity Platform, typically SAML2 or OpenID Connect. For the list of all supported protocols, please refer to Authentication methods - SSO.

Microsoft Azure AD supports both SAML2 and OpenID Connect. This article describes how to configure Azure AD as an Identity Provider with OpenID Connect. To use SAML2 for the integration instead, please refer to https://ubisecuredev.atlassian.net/wiki/display/KNB/Lab+2.5%3A+Federation+Configuration.

Register Azure AD application

...


3. Click on Endpoints and save the OpenID Connect Metadata address. It will be needed in the next phase.
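
Before the metadata address saved in step 3 is used to create the authentication method, the document behind it can be sanity-checked. The following is an added example, not part of the original article or of Ubisecure's or Microsoft's tooling: the function name, the tenant ID and the sample document are constructed, and treating an advertised "none" signing algorithm as a problem is a local policy assumption.

```python
WELL_KNOWN = "/.well-known/openid-configuration"
# Fields OpenID Connect Discovery 1.0 marks as REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "jwks_uri", "userinfo_endpoint", "end_session_endpoint")


def check_oidc_metadata(metadata_url, doc):
    """Return a list of problems in a discovery document (empty list = OK)."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must be exactly the metadata URL without the well-known
    # suffix; otherwise the document may describe a different provider.
    if not metadata_url.endswith(WELL_KNOWN):
        problems.append("metadata URL does not end with " + WELL_KNOWN)
    elif doc.get("issuer") != metadata_url[: -len(WELL_KNOWN)]:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r}")
    # Every advertised endpoint, and the issuer itself, must use TLS.
    for key in URL_FIELDS:
        value = doc.get(key)
        if value is not None and not str(value).startswith("https://"):
            problems.append(f"{key} is not an https URL: {value!r}")
    # Policy assumption: unsigned ID tokens are never acceptable here.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("ID token signing algorithm 'none' is advertised")
    return problems


# Constructed sample values, not real Azure AD output.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}/v2.0"
SAMPLE_URL = BASE + WELL_KNOWN
SAMPLE_DOC = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/keys",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_DOC),
                      ("downgraded", dict(SAMPLE_DOC, jwks_uri="http://keys.example.test/jwks"))):
        print(name, check_oidc_metadata(SAMPLE_URL, doc) or "OK")
```

To check a live document, fetch the saved metadata address over HTTPS, parse the JSON and pass both the address and the parsed document to the function.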

  

Create Ubisecure SSO authentication method

Note: With Ubisecure SSO 8.8.x or later, you can choose to use the Management User Interface instead of the Management API for configuring the OpenID Connect method: https://ubisecuredev.atlassian.net/wiki/display/KNB/Configure+OpenID+Connect+authentication+method+in+SSO+Management+UI.

Identity Providers are configured as authentication methods for Ubisecure Identity Platform. You need to use the Ubisecure SSO Management API to create and configure Azure AD as an authentication method. If you haven't enabled the Management API in your environment, first follow the instructions in Management API configuration - SSO.

...