Step 1: Microsoft Entra ID
Log in to https://portal.azure.com/ and go to “Microsoft Entra ID” in the sidebar. The sidebar may be folded/closed.
Step 2: App registration
- Go to “App registrations” in the sidebar
- Click on “New registration”
Step 3: Register an application
Create a new registration. Complete the following fields:
- Name: the application name that users will see.
  - Enter “Dialog” here, unless the application is internally known by a different name.
- Supported account types: this depends on your organization, so you must choose this yourself.
  - You can use "Help me choose" if you need help picking the right option.
- Redirect URI: the Dialog URLs that Microsoft Entra allows. These are required for the SSO handshake.
  - Enter “https://api.dialog.nl/api/sso/openidconnectcallback” here.
Save these changes.
Step 4: Overview of registration information
Next, you will arrive at the overview page of the app registration.
You can immediately copy and fill in the Application (client) ID and Directory (tenant) ID into the table with the information we need to set up the SSO. (See the table in Step 9)
Step 5: Set Redirects
Go to the app registration to configure it further.
- Click on "Authentication" so you can set additional Redirect URIs.
- Check if https://api.dialog.nl/api/sso/openidconnectcallback is set. If not, add it with "add URI" (see below).
- Click on "add URI" to add another URI.
- Enter https://acceptance-api.dialog.nl/api/sso/openidconnectcallback here.
Step 6: Branding & properties
- Go to “Branding & Properties”
- Enter the name "Dialog".
- Set the Dialog logo.
- Set the homepage URL here, which is: https://app.dialog.nl.
- Enter the URL for the Dialog privacy statement here: https://dialoghr.atlassian.net/wiki/x/AYBDzw
Step 7: Permissions
- Go to “API permissions”
- Click on the button “Add a permission”.
- Choose "Microsoft Graph".
- Choose "Delegated permissions".
- Grant permission for "openid".
- Grant permission for "profile".
- Check if permission for "User.Read" is granted. This is usually already present, but double-check to be sure.
Step 8: Client Secret
- Go to "Certificates & secrets".
- Click on "new client secret" to create a new secret.
- Under Expires, specify how long you want the secret to be valid, and record this date with the information we need (see the table in Step 9).
Note: When creating a secret, you provide an expiration date until which the secret is valid. Once this date has passed, employees will no longer be able to log in to Dialog via Single Sign-On.
Set a reminder for yourself to create a new secret one week before it expires. You can then share the new value with your contact within Dialog so that we can apply it in Dialog again. This will prevent employees from losing access to the login.
- Click on "add" to create the client secret. The secret's value is displayed only once, immediately after creation. Save this value (not the secret ID) and enter it in the table in Step 9.
Step 9: Collecting information
Collect the following information from the app registration. Information such as the Directory (tenant) ID can be found on the overview of the app registration. Share this information with your contact within Dialog.
Category | Answer |
Directory (Tenant) ID | |
Application (Client) ID | |
Client secret value (please send the Value) | |
E-mail address domain(s) (the part after the @) | e.g. dialog.nl / dialog-hr.nl |
Client secret valid until | |
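
A check that the registration matches Steps 5 and 8, as an added example that is not part of Dialog's own documentation: it flags redirect URIs that differ from the two in this guide and warns when the client secret is within a week of its end date. It assumes the application object was exported as JSON (for instance with `az ad app show --id <client-id>`) and that the last-expiring secret is the one shared with Dialog; the function names and sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Redirect URIs this guide registers in Steps 3 and 5.
EXPECTED_REDIRECTS = {
    "https://api.dialog.nl/api/sso/openidconnectcallback",
    "https://acceptance-api.dialog.nl/api/sso/openidconnectcallback",
}
RENEW_BEFORE = timedelta(days=7)  # the guide's "one week before it expires"


def parse_ts(value):
    """Parse a UTC timestamp like 2025-06-01T00:00:00.1234567Z (fraction optional)."""
    whole = value.split(".")[0].rstrip("Z")
    return datetime.strptime(whole, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit(app, now):
    """Return a list of findings for one application object; empty means OK."""
    findings = []
    redirects = set((app.get("web") or {}).get("redirectUris") or [])
    for uri in sorted(EXPECTED_REDIRECTS - redirects):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(redirects - EXPECTED_REDIRECTS):
        findings.append(f"unexpected redirect URI: {uri}")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret present")
        return findings
    # Assumption: the secret shared with Dialog is the one that expires last.
    latest = max(parse_ts(s["endDateTime"]) for s in secrets)
    if latest <= now:
        findings.append(f"all client secrets expired (last on {latest:%Y-%m-%d})")
    elif latest - now <= RENEW_BEFORE:
        findings.append(f"client secret expires {latest:%Y-%m-%d}: create a new one")
    return findings


# Constructed sample in the shape of an exported application object.
SAMPLE = {
    "web": {"redirectUris": ["https://api.dialog.nl/api/sso/openidconnectcallback",
                             "http://localhost:8080/callback"]},
    "passwordCredentials": [{"displayName": "dialog-sso", "endDateTime": "2025-03-05T00:00:00Z"}],
}

if __name__ == "__main__":
    for line in audit(SAMPLE, datetime(2025, 3, 1, tzinfo=timezone.utc)):
        print(line)
```

To audit a real registration, load the exported JSON with `json.load` and pass it to `audit()` together with the current UTC time.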