Microsoft Entra ID provider
  • 10 Aug 2024

Activating SSO allows users on the Agile.Now platform to log in using their Microsoft Entra ID credentials, streamlining the login process and enhancing security.

To configure Microsoft Entra ID for Single Sign-On (SSO) on the Agile.Now platform, including synchronization of user groups, follow these steps:

Register Applications in Azure Active Directory

To enable OAuth 2.0 authentication using the client credentials grant type, you must register the client applications in Microsoft Entra ID. For guidance, refer to the Microsoft documentation.

Configure a Client Application

A client application requests access to a protected resource. Once it is registered in Microsoft Entra ID, follow these steps to apply the client credentials grant type:

  • Open the Microsoft Entra ID service. In 'App registrations', open your client application's registration.

  • Copy the Application (client) ID. You'll need it to link the client to the web service and configure request authentication. Build your "Discovery endpoint" URL by replacing {tenant-id} with your Directory (tenant) ID. The URL should resemble: https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration.

  • For the Client Credentials Grant type, ensure you have the correct callback URLs. To set them, go to the Authentication page and select Add a platform.

  • In the popup window, choose "Web" and enter "Redirect URIs" and the "Front-channel logout URL". Check the "ID tokens (used for implicit and hybrid flows)" option. These URLs can be obtained from the Agile.Now platform when creating a new provider. Click "Configure" afterward.

  • To create a client secret, navigate to Certificates & secrets and select New client secret. Add a description, set the expiry time as per your security policies, and click Add.

Remember, you cannot retrieve the client secret once you leave the Certificates & secrets page.

  • For the Client Credentials Grant type, you'll need to configure the correct token claims. Go to the Token configuration page and click Add optional claim. Choose the "ID" token type and select the following claims: email, family_name, given_name, and preferred_username. Click "Add".

  • To set the correct token permissions, open the API permissions page and click Add a permission. Choose "Microsoft Graph" and then "Delegated permissions". Select the "OpenId permissions" (email, offline_access, openid, profile) and optionally GroupMember.Read.All for synchronizing user groups. Click "Add permissions".

  • Grant admin consent for your organization by clicking the "Grant admin consent for ..." button and confirm on behalf of your company.
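
The following Python code is an added example, not part of the Agile.Now or Microsoft documentation. It checks the registration described above before the values are entered in Agile.Now: it builds the discovery endpoint from the Directory (tenant) ID, confirms that a fetched discovery document belongs to that tenant, and lists which of the optional claims chosen on the Token configuration page are absent from an ID token. The tenant ID, discovery document and token are constructed sample values, the helper names are hypothetical, and the global login.microsoftonline.com authority from the URL above is assumed.

```python
import base64, json, re
from urllib.parse import urlsplit

AUTHORITY = "login.microsoftonline.com"
# Optional ID-token claims selected on the Token configuration page.
EXPECTED_CLAIMS = ("email", "family_name", "given_name", "preferred_username")
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def discovery_url(tenant_id):
    """Build the discovery endpoint from the Directory (tenant) ID."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("Directory (tenant) ID must be a GUID")
    return f"https://{AUTHORITY}/{tenant_id.lower()}/v2.0/.well-known/openid-configuration"

def check_discovery(doc, tenant_id):
    """Return the problems found in a fetched discovery document."""
    problems = []
    if doc.get("issuer") != f"https://{AUTHORITY}/{tenant_id.lower()}/v2.0":
        problems.append("issuer does not match the tenant")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https" or url.hostname != AUTHORITY:
            problems.append(f"{key} is not an https URL on {AUTHORITY}")
    return problems

def missing_claims(id_token):
    """List expected claims absent from an ID token (payload decoded, signature NOT verified)."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return [c for c in EXPECTED_CLAIMS if c not in claims]

# --- Constructed sample data (not real tenant values); the token is unsigned ---
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://{AUTHORITY}/{TENANT}"
SAMPLE_DOC = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}

def sample_token(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"e30.{body}.sig"

if __name__ == "__main__":
    print(check_discovery(SAMPLE_DOC, TENANT))
    print(missing_claims(sample_token({"email": "a@example.com", "given_name": "A"})))
```

`missing_claims` only inspects the payload to confirm the token configuration; it does not validate the token and must not be used to authenticate a user.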

Configuring SSO with Microsoft Entra ID on Agile.Now

You are now ready to integrate the Microsoft Entra ID provider with the Agile.Now platform.
Follow the steps in Configuring SSO in Agile.Now.

