Web application sign-in flow with Azure Active Directory

When an Itron service is requested by an unauthenticated user, the user's browser redirects to Itron's Identity Service, where the user is authenticated against the Azure Active Directory domain. If the authentication is successful, the Identity Service redirects the browser—along with a verifiable security token—back to the originally requested service.

The following flow diagram depicts a high-level overview of the sign-in process. A step-by-step description of the process flow follows.

  1. From a web browser (A), a secure connection is established with the Itron Identity Service application (B) using a unique URL (for example, https://subdomain.itrontotal.com).

  2. The Identity Service application (B) redirects a request for user credentials to the web browser (A).

  3. The user credentials are sent from the web browser (A) to the Microsoft Azure Identity service (C).

  4. If the credentials are accepted, the Microsoft Azure Identity service (C) provides a redirected URL along with a security token back to the browser (A).

  5. Using the newly provided URL, the web browser (A) sends the security token to the service originally requested from the Itron Identity Service application (B).
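
The checks a receiving service would make on the token in steps 4 and 5, as an added example that is not Itron's or Microsoft's code. The page does not state the token format, so this sketch assumes a signed token carrying subject, issuer, audience and expiry claims; the key, URLs and function names are hypothetical, and an HMAC with a demo key stands in for the identity provider's signature.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration; none come from the page or from Azure AD.
IDP_KEY = b"constructed-demo-key"          # stands in for the provider's signing key
ISSUER = "https://idp.example"             # hypothetical identity service (C)
SERVICE = "https://subdomain.example/app"  # hypothetical originally requested service

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def _sign(body: str) -> str:
    return _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(user: str, audience: str, now: float, ttl: int = 300) -> str:
    """Step 4: the identity service issues a signed token for one audience."""
    claims = {"sub": user, "iss": ISSUER, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{body}.{_sign(body)}"

def verify_token(token: str, expected_audience: str, now: float) -> dict:
    """Step 5: the requested service validates the token before trusting it."""
    try:
        body, sig = token.split(".")
        # Constant-time comparison; any change to the body invalidates the signature.
        if not hmac.compare_digest(sig, _sign(body)):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    if claims.get("iss") != ISSUER:
        raise PermissionError("token rejected: unexpected issuer")
    if claims.get("aud") != expected_audience:
        raise PermissionError("token rejected: issued for another service")
    if now >= claims.get("exp", 0):
        raise PermissionError("token rejected: expired")
    return claims

if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed timestamp
    token = issue_token("alice", SERVICE, t0)
    print(verify_token(token, SERVICE, t0 + 10))
```

The signature check comes first so that no claim is read from a token that has been altered in transit through the browser.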