...
First register your Grand Avenue instance in your external identity provider and authorize it for the operations it needs for SSO.
Under App registrations select the New registration option
Complete the fields to register Grand Avenue
The redirect URI for a Grand Avenue instance can be found at Configure Authentication Management → Configure Single Sign On
You should register the Redirect URIURIs for each all Grand Avenue instance that instances with users that will need to authenticate against your SSO provider. For hosted Grand Avenue customers, this will include each of your sites:Production - https://<customername>/GrandAvenue/Authentication/authorization-code/callback
Training - https://<customername>/Training/Authentication/authorization-code/callback
Upgrade - https://<customername>/Upgrade/Authentication/authorization-code/callback
Evaluation - https://eval.grandavenue.com/<customername>/Authentication/authorization-code/callback
Configure the necessary settings for the Grand Avenue registration in Azure AD
Under Authentication endure both “Access tokens” and “ID tokens” are selected.
Under Token Configuration, select Add optional claim and add the following:
When prompted, check the box to “Turn on the Microsoft Graph email permission” and click Add
Under API permissions, select Add a permission and set up as identified below:
Under API permissions select Grant admin consent for Grand Avenue Software and select “Yes” to confirm
Add information to Grand Avenue. Navigate to the “Configure Single Sign On” via Configure Authentication Management → Configure Single Sign On
Change the Single Sign On Enabled? dropdown to “Yes”
Complete the required fields and click Save.
The Provider Name entered here will be displayed to users on the Sign In page as "Sign in with <provider name>" (e.g., "Sign in with Azure AD")
The other fields must be populated with information from the Grand Avenue registration you created above.
...