Create an Azure AD Application

You add and configure the PIM application in an instance of Azure AD.

Pre-requisites: You must already have an instance of Azure AD set up and configured for your users.

To create an Azure AD application for PIM:

  1. In a browser, navigate to https://www.portal.azure.com/ and sign in to the Azure portal.
  2. Click Azure Active Directory.
  3. From the Manage menu, click App registrations.
  4. On the App Registrations screen, in the available actions, click New registration.
  5. On the Register an application screen, enter the following information:
    1. In the Name field, enter Deltek PIM.
    2. Under Supported account types, select the Accounts in this organizational directory only option.
    3. Under Redirect URI, select Web, and then enter your customer URL, followed by the relative redirection endpoint, /xweb/security/identityproviderredirect.aspx.
      For example:

      https://pim.deltek.com/xweb/security/identityproviderredirect.aspx

  6. Click Register.
    The application is created in Azure AD, and the properties of the Deltek PIM application are displayed.
  7. To copy the tenant and app ID values, do the following:
    1. From App registrations in Azure AD, select the PIM application.
    2. Copy the Directory (tenant) ID and Application ID values to a text file. You will use these values when you configure single sign-on in the PIM application.
  8. To configure authentication, do the following:
    1. From the Manage menu, select Authentication.
    2. On the Authentication screen, under Redirect URIs > Implicit grant and hybrid flows, select ID tokens (used for implicit and hybrid flows).
    3. Under Redirect URIs > Supported account types, select Accounts in this organizational directory only.
    4. Under Advanced Settings > Allow public client flows, select No for the Enable the following mobile and desktop flows setting.
    5. Click Save.
  9. To create a client secret, do the following:
    Client secret keys provide additional security, but they are not required for SSO to work in PIM. If you create a client secret with an expiration, set a reminder to update the client secret a few weeks before it expires so that users can continue to log in to PIM using SSO. When you update the client secret, you must also update it in the PIM application.
    1. From the App Registrations menu, click Certificates and Secrets.
    2. Click Client secrets > New client secret.
    3. Enter a description, such as Deltek PIM Azure AD, and then select an expiration time.
    4. Click Add.
    5. Copy the client secret value. You will not be able to retrieve this key later.

Post-requisites: You can now Configure PIM for Single Sign-On using the app details that you copied.
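
To check a finished registration against the settings in this procedure, the following added example (not Deltek or Microsoft code) audits the application object as JSON, for instance the output of `az ad app show --id <app-id>`. The sample object, the host pim.example.com, the function name audit_app, and the 28-day warning window are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

REDIRECT_PATH = "/xweb/security/identityproviderredirect.aspx"  # from step 5

# Constructed sample shaped like a Microsoft Graph application object.
# Every value here is made up for the example.
SAMPLE_APP = json.loads("""
{
  "displayName": "Deltek PIM",
  "signInAudience": "AzureADMyOrg",
  "isFallbackPublicClient": false,
  "web": {
    "redirectUris": ["https://pim.example.com/xweb/security/identityproviderredirect.aspx"],
    "implicitGrantSettings": {"enableIdTokenIssuance": true, "enableAccessTokenIssuance": false}
  },
  "passwordCredentials": [{"displayName": "Deltek PIM Azure AD", "endDateTime": "2025-07-01T00:00:00Z"}]
}
""")


def audit_app(app, now, warn_days=28):
    """Return a list of findings; an empty list means the registration matches the procedure."""
    findings = []
    web = app.get("web") or {}
    grant = web.get("implicitGrantSettings") or {}
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("account types are not limited to this organizational directory")
    uris = web.get("redirectUris") or []
    if not any(u.startswith("https://") and u.endswith(REDIRECT_PATH) for u in uris):
        findings.append("no https Web redirect URI ending in " + REDIRECT_PATH)
    if not grant.get("enableIdTokenIssuance"):
        findings.append("ID tokens are not enabled")
    if app.get("isFallbackPublicClient"):
        findings.append("public client flows are allowed")
    for cred in app.get("passwordCredentials") or []:
        # Timestamps are treated as UTC; fractional seconds are dropped before parsing.
        end = datetime.fromisoformat(cred["endDateTime"].split(".")[0].rstrip("Z") + "+00:00")
        name = cred.get("displayName") or "(unnamed)"
        if end <= now:
            findings.append(f"client secret '{name}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{name}' expires in {(end - now).days} days")
    return findings


if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

Running the check on a schedule gives the reminder that step 9 recommends, because a secret nearing its expiration shows up as a finding before SSO stops working.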