Microsoft Entra ID

Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management service that enables employees to access external resources.

OAuth operates through a token-based authentication system, allowing users to authorize access to Microsoft Entra ID resources without sharing credentials. The user logs in to their Microsoft Entra ID account and grants permission to a third-party application to access specific resources using an access token. Subsequently, the application utilizes this token to access the authorized resources on behalf of the user, eliminating the need for the user to re-enter their login credentials.

Configuring Microsoft Entra ID

Step 1: Log in at https://portal.azure.com/#home.

Step 2: Click Microsoft Entra ID under the "Azure services" section.

If the Microsoft Entra ID option is not visible from the default menu, click the arrow icon labeled "More services" and search for the service.

Step 3: From the Overview tab, copy the Tenant ID value and save it for later.

Step 4: Click App registrations under "Manage" on the left menu bar.

Step 5: Click New Registration.

Step 6: Provide the following information:

  • Name: The user-facing display name for this application (this can be changed later)

  • Supported account type: "Accounts in this organizational directory only" is the most restrictive

  • Redirect URI: Choose "Web" from the pulldown menu, then enter the value composed of domain name + "/api/v2/authenticate/azure"

Step 7: Click Register at the bottom of the page.

Step 8: Copy the value for the Application (client) ID and save it for use later.

Step 9: Click Certificates and Secrets under "Manage" on the left menu bar.

Step 10: Click New client secret.

Step 11: Enter a value for Description and select the desired expiration date. Click Add.

Step 12: A new secret appears on the page under the Client Secrets tab. Copy the value for use later.

Client secret values cannot be viewed except immediately after creation. Be sure to save the secret when created before leaving the page.

Step 13: Click Token Configuration from the left menu bar.

Step 14: Click Add optional claim.

Step 15: Choose "ID" for the Token type, then select "email" from the list of options that appears after clicking "ID." Click Add.

Step 16: Navigate back to the Microsoft Entra ID home page (see Step 2) and click Users from the left nav bar.

Step 17: Validate that the desired users exist in the list. Add new users as needed.

Users, not members of the organization, can be invited by clicking New user from the toolbar. They must have a Microsoft account to accept.

Step 18: Log in to PlexTrac as an admin.

Step 19: Navigate to the Admin Dashboard. Click Security under "Security & User Management."

Step 20: Click Authentication Methods under "Authentication."

Step 21: From the OAuth Providers tab, select "Azure" from the dropdown menu "Authentication Providers."

Step 22: Enter the appropriate values for the following fields:

  • Provider Tenant ID: Enter the "Directory (tenant) ID" value copied in Step 3.

  • Identifier: Enter the "Application (client) ID" value copied in Step 8.

  • Secret: Enter the secret value copied in Step 14.

Step 23: Toggle on the Enabled button. Click Save.

Step 24: Return to "Security & User Management" and click Users.

Step 25: Under the column header "Authentication Provider," select the desired user and change the value to "Azure."

Each user has to be configured individually.

Last updated

© 2024 PlexTrac, Inc. All rights reserved.