# Microsoft Entra ID

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management service that enables employees to access external resources.

OAuth operates through a token-based authentication system, allowing users to authorize access to Microsoft Entra ID resources without sharing credentials. The user logs in to their Microsoft Entra ID account and grants permission to a third-party application to access specific resources using an access token. Subsequently, the application utilizes this token to access the authorized resources on behalf of the user, eliminating the need for the user to re-enter their login credentials.

## Configuring Microsoft Entra ID

<mark style="background-color:yellow;">Step 1:</mark> Log in at <https://portal.azure.com/#home>.

<mark style="background-color:yellow;">Step 2:</mark> Click **Microsoft Entra ID** under the "Azure services" section.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F3i8mGI7S4wdHZXDLbwU5%2Fimage.png?alt=media&#x26;token=13df96b0-14e8-4ad6-bef6-84a5ae2c80ff" alt=""><figcaption></figcaption></figure></div>

{% hint style="info" %}
If the Microsoft Entra ID option is not visible from the default menu, click the arrow icon labeled "More services" and search for the service.
{% endhint %}

<mark style="background-color:yellow;">Step 3:</mark> From the **Overview** tab, copy the **Tenant ID** value and save it for later.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FDBJX1Go3nISe6iLyqnLF%2Fimage.png?alt=media&#x26;token=24768d58-e0f0-4f3a-ae03-edd8dba5f135" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 4:</mark> Click **App registrations** under "Manage" on the left menu bar.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FtKx82qrG3tfH1a5JG8TA%2Fimage.png?alt=media&#x26;token=9eccceb3-40c6-46e0-b928-2a7f5c8feda5" alt="" width="245"><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 5:</mark> Click **New Registration**.

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FdGGZ5CAPyWgqlfgtYSTT%2Fimage.png?alt=media&#x26;token=837aa1a1-7532-44d3-b6d3-fe9d85b349ee" alt=""></div>

<mark style="background-color:yellow;">Step 6:</mark> Provide the following information:

* **Name:** The user-facing display name for this application (this can be changed later)
* **Supported account type:** "Accounts in this organizational directory only" is the most restrictive
* **Redirect URI:** Choose "Web" from the pulldown menu, then enter the value composed of domain name + "/api/v2/authenticate/azure"

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FqybaFAtgfjcfB1KiFjgA%2Fimage.png?alt=media&#x26;token=a806529e-b311-4335-8ce7-7a6db4cf5689" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 7:</mark> Click **Register** at the bottom of the page.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FB0b63EoLXfXFW86FMcNA%2Fimage.png?alt=media&#x26;token=de5f8682-2f4c-4dae-aa80-4ab501d61587" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 8:</mark> Copy the value for the **Application (client) ID** and save it for use later.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FCXSKXSzrmee1FVj11H7v%2Fimage.png?alt=media&#x26;token=b77daac6-b628-4434-b119-61bd6ebd50df" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 9:</mark> Click **Certificates and Secrets** under "Manage" on the left menu bar.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fd95HpzOQXzd6K8y92i0G%2Fimage.png?alt=media&#x26;token=f03968c3-3cfa-4d24-924b-0e2e693408c9" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 10:</mark> Click **New client secret**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FXMiUXywGJ0ws1sqPoUP8%2Fimage.png?alt=media&#x26;token=93083470-a9f4-44ba-a8af-e6315b7aebf0" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 11:</mark> Enter a value for **Description** and select the desired expiration date. Click **Add**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FUI8Q0gFbKvKT518wzKXo%2Fimage.png?alt=media&#x26;token=701338c1-55fe-467f-a3c9-e39a9ded6457" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 12:</mark> A new secret appears on the page under the **Client Secrets** tab. Copy the value for use later.

{% hint style="warning" %}
Client secret values cannot be viewed except immediately after creation. Be sure to save the secret when created before leaving the page.
{% endhint %}

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fp07AlFoF0tyWHzRKUQj7%2Fimage.png?alt=media&#x26;token=5e53b61c-e831-40a5-9d51-b1a52ad19741" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 13:</mark> Click **Token Configuration** from the left menu bar.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F0lZZQkOllRHnVTGoPzEh%2Fimage.png?alt=media&#x26;token=5f3d9900-d657-437b-96f6-26b28b166cd0" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 14:</mark> Click **Add optional claim**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F52V7CkMXJP4bpbm9H5YR%2Fimage.png?alt=media&#x26;token=32b30fda-2ac0-4d14-a2c2-05059d70b792" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 15:</mark> Choose "ID" for the **Token type**, then select "email" from the list of options that appears after clicking "ID." Click **Add**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FDfeDl8detpHqfi3X0G5B%2Fimage.png?alt=media&#x26;token=c4ea8166-1fc0-48df-948a-2003ae0713a6" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 16:</mark> Navigate back to the Microsoft Entra ID home page (see Step 2) and click **Users** from the left nav bar.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FoLumurCaZogRJijtH04M%2Fimage.png?alt=media&#x26;token=62a5c7b2-15f4-4ba3-9447-69097d22c687" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 17:</mark> Validate that the desired users exist in the list. Add new users as needed.

{% hint style="info" %}
Users who are not members of the organization can be invited by clicking **New user** from the toolbar. They must have a Microsoft account to accept.
{% endhint %}

<mark style="background-color:yellow;">Step 18:</mark> Log in to PlexTrac as an admin.

<mark style="background-color:yellow;">Step 19:</mark> Navigate to the **Admin Dashboard**. Click **Security** under "Security & User Management."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F96bGYUiO52SKn6OrnCjm%2Fimage.png?alt=media&#x26;token=72b7f09e-aca7-4bb2-a8a0-5a4d80a52620" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 20:</mark> Click **Authentication Methods** under "Authentication."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FEfwRdo6Asah3wAfSr4XF%2Fimage.png?alt=media&#x26;token=f9a501b8-09b6-4c1c-8eea-13b5bf7b5d50" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 21:</mark> From the **OAuth Providers** tab, select "Azure" from the dropdown menu "Authentication Providers."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F2Is56WKZDoHoikxzNN9V%2Fimage.png?alt=media&#x26;token=08c734ab-5585-4a0b-95f1-807cbe933936" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 22:</mark> Enter the appropriate values for the following fields:

* **Provider URL:** Enter "[https://login.microsoftonline.com](https://login.microsoftonline.com)."
* **Provider Tenant ID:** Enter the "Directory (tenant) ID" value copied in Step 3.
* **Identifier:** Enter the "Application (client) ID" value copied in Step 8.
* **Secret:** Enter the secret value copied in Step 14.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FxGXRIjkFFvRscHbEZMTN%2Fimage.png?alt=media&#x26;token=e8a63b23-9ded-47f0-a878-7506da1f226a" alt=""><figcaption></figcaption></figure></div>
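A pre-flight check for the values gathered in the earlier steps before they are saved in Step 22, as an added example that is not PlexTrac or Microsoft code. The hostname, sample identifiers and function names are constructed, and the authorization request uses the standard Microsoft identity platform v2.0 endpoint, which PlexTrac is assumed (not confirmed by this page) to call.

```python
import re
from urllib.parse import urlencode, urlsplit

GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
CALLBACK_PATH = "/api/v2/authenticate/azure"  # path given in Step 6
# Constructed sample values, not real identifiers.
SAMPLE = {
    "provider_url": "https://login.microsoftonline.com",
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "secret": "constructed-secret-value",
    "redirect_uri": "https://plextrac.example.com/api/v2/authenticate/azure",
}


def preflight(provider_url, tenant_id, client_id, secret, redirect_uri):
    """Return a list of problems found in the Step 22 values (empty = none)."""
    problems = []
    if provider_url.rstrip("/") != "https://login.microsoftonline.com":
        problems.append("Provider URL is not https://login.microsoftonline.com")
    if not GUID.fullmatch(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if not GUID.fullmatch(client_id):
        problems.append("Application (client) ID is not a GUID")
    # The portal lists a "Secret ID" (a GUID) beside the secret "Value".
    if GUID.fullmatch(secret.strip()):
        problems.append("Secret looks like the Secret ID, not the secret Value")
    if secret != secret.strip():
        problems.append("Secret has leading or trailing whitespace")
    uri = urlsplit(redirect_uri)
    if uri.scheme != "https":
        problems.append("Redirect URI should use https")
    if uri.path != CALLBACK_PATH or uri.query or uri.fragment:
        problems.append("Redirect URI must end in " + CALLBACK_PATH)
    return problems


def authorize_url(provider_url, tenant_id, client_id, redirect_uri, state):
    """Authorization-code request scoped to the single tenant from Step 3."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,  # must match the Step 6 registration
        "scope": "openid profile email",  # "email" matches the Step 15 claim
        "state": state,
    })
    return f"{provider_url.rstrip('/')}/{tenant_id}/oauth2/v2.0/authorize?{query}"
```
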

<mark style="background-color:yellow;">Step 23:</mark> Toggle on the **Enabled** button. Click **Save**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FGrl9xgOsfSxuNCDDIn3G%2Fimage.png?alt=media&#x26;token=5cce0a32-81fb-4002-948d-845eaa0f8f29" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 24:</mark> Return to "Security & User Management" and click **Users**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FYNLgOHNBXUa7EuaMKYEp%2Fimage.png?alt=media&#x26;token=a7dfca3a-218b-40f3-9620-e7323c7f843e" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 25:</mark> Under the column header "Authentication Provider," select the desired user and change the value to "Azure."

<div align="left"><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FzmVstNwj3udwxuido9XF%2Fimage.png?alt=media&#x26;token=128a1f64-8822-4830-b1cb-a5deafe02a3a" alt=""></div>

{% hint style="info" %}
Each user has to be configured individually.
{% endhint %}
