SSO manual for Microsoft Entra ID (formerly Azure Active Directory)


Step 1: Microsoft Entra ID

Log in to https://portal.azure.com/ and go to “Microsoft Entra ID” in the sidebar. The sidebar may be collapsed.

Step 2: App registration

  1. Go to “App registrations” in the sidebar
  2. Click on “New registration”

Step 3: Register an application

Create a new registration. Complete the following fields:

  1. Name: the application name that users will see
    • Enter “Dialog” here, unless the application is internally known by a different name.
  2. Supported account types: this is organization dependent and must be filled in yourself.
    • You can use "Help me choose" to help you pick the right option.
  3. Redirect URI: the Dialog URLs that Microsoft Entra allows. These are required for the SSO handshake.
    • Enter “https://api.dialog.nl/api/sso/openidconnectcallback” here.

Save these changes.

Step 4: Overview of registration information

Next, you will arrive at the overview page of the app registration.

You can immediately copy the Application (client) ID and Directory (tenant) ID into the table of information we need to set up the SSO (see the table in Step 9).

Step 5: Set Redirects

Go to the app registration to configure it further.

  1. Click on "Authentication" so you can set additional Redirect URIs.
  2. Check whether https://api.dialog.nl/api/sso/openidconnectcallback is set. If not, add it (see item 3, "add URI", below).
  3. Click on "add URI" to add another URI.
  4. Enter https://acceptance-api.dialog.nl/api/sso/openidconnectcallback here.

Step 6: Branding & properties

  1. Go to “Branding & Properties”
  2. Enter the name "Dialog".
  3. Set the Dialog logo:
    Dialog_logo.png
  4. Set the homepage URL here, which is: https://app.dialog.nl.
  5. Enter the URL for the Dialog privacy statement here: https://dialoghr.atlassian.net/wiki/x/AYBDzw

Step 7: Permissions

  1. Go to “API permissions”
  2. Click on the button “Add a permission”.
  3. Choose "Microsoft Graph".

  1. Choose "Delegated permissions".
  2. Grant permission for "openid".
  3. Grant permission for "profile".
  4. Check whether permission for "User.Read" is granted. This is usually already present, but double-check to be sure.

Step 8: Client Secret

  1. Go to "Certificates & secrets".
  2. Click on "new client secret" to create a new secret.
  3. Under Expires, specify how long you want the secret to be valid, and record this date in the information we need (see the table in Step 9).
    Note: When creating a secret, you provide an expiration date until which the secret is valid. Once this date has passed, employees will no longer be able to log in to Dialog via Single Sign-On.
    Set a reminder for yourself to create a new secret one week before it expires. You can then share the new value with your contact within Dialog so that we can apply it in Dialog again. This will prevent employees from losing the ability to log in.
  4. Click on "add" to create the client secret. The secret's value is displayed only once, immediately after the secret is created. Save this value and enter it in the table in Step 9 (the Value, not the Secret ID).
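
A check you can run against the finished registration, as an added example that is not part of the original manual or Dialog's own tooling: it takes the JSON printed by `az ad app show --id <client-id>` and reports missing or unexpected redirect URIs (Steps 3 and 5) and client secrets inside the one-week renewal window (Step 8). It assumes the Microsoft Graph `application` field names `web.redirectUris` and `passwordCredentials[].endDateTime`, and that the registration is used for Dialog only; the sample data is constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Redirect URIs this manual asks you to register (Steps 3 and 5).
REQUIRED_REDIRECTS = {
    "https://api.dialog.nl/api/sso/openidconnectcallback",
    "https://acceptance-api.dialog.nl/api/sso/openidconnectcallback",
}
RENEW_BEFORE = timedelta(days=7)  # Step 8: renew one week before expiry

def parse_graph_time(value):
    """Parse e.g. 2025-06-01T00:00:00Z; Graph timestamps are UTC, fractions are dropped."""
    head = value.rstrip("Z").split("+")[0].split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_registration(app, now):
    """Return findings for one app registration (Graph 'application' JSON)."""
    findings = []
    registered = set((app.get("web") or {}).get("redirectUris") or [])
    for uri in sorted(REQUIRED_REDIRECTS - registered):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(registered - REQUIRED_REDIRECTS):
        findings.append(f"unexpected redirect URI: {uri}")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret configured")
    for cred in secrets:
        label = cred.get("displayName") or cred.get("keyId")
        expires = parse_graph_time(cred["endDateTime"])
        if expires <= now:
            findings.append(f"secret '{label}' expired on {expires:%Y-%m-%d}")
        elif expires - now <= RENEW_BEFORE:
            findings.append(f"secret '{label}' expires on {expires:%Y-%m-%d}: renew now")
    return findings

# Constructed sample, shaped like the output of `az ad app show --id <client-id>`.
SAMPLE = json.loads("""{
  "displayName": "Dialog",
  "web": {"redirectUris": [
    "https://api.dialog.nl/api/sso/openidconnectcallback",
    "http://localhost:8080/callback"]},
  "passwordCredentials": [
    {"displayName": "dialog-sso", "endDateTime": "2025-03-05T00:00:00Z"}]
}""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, datetime.now(timezone.utc)):
        print(finding)
```

Running it on a schedule covers the reminder from the note above: a secret is flagged from seven days before its expiry date onwards.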

Step 9: Collecting information

Collect the following information from the app registration. Information such as the Directory (tenant) ID can be found on the overview of the app registration. Share this information with your contact within Dialog.

| Category | Answer |
|---|---|
| Directory (Tenant) ID | |
| Application (Client) ID | |
| Client secret value (please send the Value) | |
| Domain(s) e-mail address, behind the @ | e.g. dialog.nl / dialog-hr.nl |
| Client secret valid till | |


Frequently asked questions
