SSO Configuration - Microsoft Entra ID
This guide will walk you through integrating Single Sign-On (SSO) with Microsoft Entra ID (formerly Azure AD) to allow your users to access InfoSum using their Microsoft credentials. With this setup, user authentication will be managed securely by Microsoft’s identity provider, simplifying your access management process.
To complete the setup, you will:
- Register your application with Microsoft Entra ID.
- Configure authentication settings.
- Retrieve key credentials (Client ID, Client Secret, and OIDC Discovery URI).
At the end of this guide, you’ll also find troubleshooting tips for common integration issues.
Note: Ensure you have administrative access to your Microsoft Entra ID tenant to register an application. If you're new to Entra ID, refer to Microsoft’s app registration quickstart documentation.
Step-by-Step Guide
Step 1: Register a New Application in Microsoft Entra ID
Log in to the Microsoft Entra Admin Center:
- Sign in as a Cloud Application Administrator.
Register a New App:
- Navigate to Identity > Applications > App registrations and select New registration.
Enter App Registration Details:
- Name: Choose a descriptive name, e.g., “SSO for InfoSum”.
- Supported Account Types: Select Accounts in this organizational directory only.
- Redirect URI: Choose Web and input the Redirect URI provided by InfoSum (e.g., https://accounts.infosum.com/authorization-code/callback/{customername-IDPType}).
Complete Registration:
- Click Register to finalize the application setup.
Step 2: Configure Authentication Settings
Open Your Registered App:
- From App Registrations, select your app and navigate to Authentication.
Verify Platform Configuration:
- Under Platform Configurations, confirm that Web is selected.
- Ensure the Redirect URI matches exactly what InfoSum provided, paying attention to case sensitivity.
Enable ID Tokens:
- Under Implicit grant and hybrid flows, enable ID tokens to allow OIDC protocol authentication.
Step 3: Create a Client Secret
Navigate to Certificates & Secrets:
- Select Certificates & secrets from the left-hand menu.
Add a New Client Secret:
- Under Client Secrets, select New client secret.
- Description: Enter a description like “SSO Integration”.
- Expiration: Choose a suitable expiration period (e.g., 6 or 12 months).
Save the Client Secret:
- Copy the client secret value (not the client secret ID) immediately, as it won’t be visible again.
Step 4: Retrieve the Required Credentials
Client ID:
- Go to the Overview page of your registered app and copy the Application (client) ID.
Client Secret:
- Use the client secret value from Step 3.
OIDC Discovery URI:
- Use the following format: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration, replacing <tenant-id> with your Directory (tenant) ID found in the Overview tab.
Provide Information to InfoSum
After completing these steps, share the following details with InfoSum:
- Client ID: The public identifier for your app.
- Client Secret: A confidential value for app authentication.
- OIDC Discovery URI: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration
Once InfoSum completes the setup, you can test the integration using the provided login URL:
- Format: https://accounts.infosum.com/login/{customername-IDPType}
- Example: https://accounts.infosum.com/login/infosum-entra
Alternatively, you can access SSO via "Sign in with Private SSO" at the bottom of the InfoSum login screen, which will redirect you to your Microsoft Entra ID login portal after entering your email.
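A pre-flight check for the values listed above, as an added example (not InfoSum or Microsoft code): it flags a secret ID copied in place of the secret value, a discovery URI that does not match the tenant ID, and Redirect URI differences in case or trailing slash. The function names and sample values are constructed for illustration; it assumes the tenant ID, client ID and secret ID are GUIDs, as Entra displays them.

```python
import re

# Assumption: Entra's Directory (tenant) ID, Application (client) ID and secret ID are GUIDs.
GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
DISCOVERY_FMT = "https://login.microsoftonline.com/{tid}/v2.0/.well-known/openid-configuration"


def compare_redirect(registered, provided):
    """Classify a Redirect URI mismatch; returns None on an exact match."""
    if registered == provided:
        return None
    if registered.rstrip("/") == provided.rstrip("/"):
        return "redirect URI differs only by a trailing slash"
    if registered.lower() == provided.lower():
        return "redirect URI differs only by letter case"
    return "redirect URI differs from the value InfoSum provided"


def preflight(tenant_id, client_id, client_secret, discovery_uri,
              registered_redirect, provided_redirect):
    """Return a list of problems found in the hand-off values (empty list = OK)."""
    problems = []
    if not GUID.match(tenant_id):
        problems.append("tenant ID is not a GUID")
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID")
    if GUID.match(client_secret.strip()):
        problems.append("client secret looks like the secret ID, not the secret value")
    if client_secret != client_secret.strip():
        problems.append("client secret has leading or trailing whitespace")
    if "<" in discovery_uri or "{" in discovery_uri:
        problems.append("discovery URI still contains a placeholder")
    elif discovery_uri != DISCOVERY_FMT.format(tid=tenant_id):
        problems.append("discovery URI does not match the tenant ID")
    mismatch = compare_redirect(registered_redirect, provided_redirect)
    if mismatch:
        problems.append(mismatch)
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    tid = "11111111-2222-3333-4444-555555555555"
    cid = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    uri = "https://accounts.infosum.com/authorization-code/callback/examplecorp-entra"
    for issue in preflight(tid, cid, "bbbbbbbb-1111-2222-3333-cccccccccccc",
                           DISCOVERY_FMT.format(tid=tid), uri + "/", uri):
        print("FAIL:", issue)
```

The script reports only the kind of problem and never prints the secret itself, so its output is safe to paste into a ticket.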
Common Issues and Troubleshooting
Invalid Client ID or Secret Error:
- Confirm that the Client ID and Client Secret are correctly copied. Check that the Client Secret hasn’t expired.
Redirect URI Mismatch Error:
- Ensure the Redirect URI matches exactly what was provided by InfoSum, including any case sensitivity or trailing slashes.
Access Denied Error:
- Confirm that users have been granted access to the registered app and check for any blocking Conditional Access policies in Entra ID.
Expired or Invalid Tokens:
- Verify the Client Secret’s validity and ensure clocks across systems are synchronized to avoid token validation issues.
OIDC Discovery URI Not Found:
- Check the accuracy of the tenant ID and ensure the app registration is within the correct tenant. Confirm that the OIDC configuration URL is accessible.
App Not Visible to Users:
- By default, new apps are hidden on users’ My Apps page. To make it visible, go to Identity > Applications > Enterprise applications and, in the app’s Properties page, toggle Visible to users? to Yes.
Conclusion
By following this guide, you will successfully configure SSO with Microsoft Entra ID. Once integration is complete, users can log in to InfoSum securely using their Microsoft credentials.
For further assistance, contact our support team at support@infosum.com.