search
Customer Support

Microsoft Entra ID - OIDC - Configuration

circle-check

hashtag
Required User Credentials

[Flosum User] - SystemAdministrator Role

circle-check

hashtag
Important Note

The instructions in this article cover a third-party app and may not reflect the latest version. Please use these instructions as a guide to complete the task, but be aware that some screens, field names, and steps may have changed.

hashtag
Overview

This guide explains how to integrate Microsoft Entra ID using OpenID Connect (OIDC) with Flosum Cloud Apps to enable Single Sign-On (SSO) for seamless login. If you prefer to integrate Entra ID via SAML, refer to the following article.

circle-info

For more general instructions about adding an Identity Provider, see the following article.

circle-exclamation

hashtag
Customer-Hosted

Customers who host Flosum Apps on their own infrastructure will have a custom URL for logging into their apps. When using this documentation, replace any Flosum Hosted URLs with your own URLs.

hashtag
Outline Of Steps Involved

  • Create an Azure Active Directory App

  • Set the Redirect URL

  • Determin Issuer URL

  • Obtain the Client ID and Client Secret

  • Create an Identity Provider with Flosum Global Settings

  • Test the SSO

hashtag
Configuring Entra ID for Flosum Cloud Apps

This section shows you how to configure an Entra ID App to work with Flosum Cloud Apps for SSO.

circle-exclamation

These instructions were written for Microsoft Azure Active Directory, which has since been rebranded as Entra ID. While there may be some minor differences with the instructions, they can still be used to complete the process.

1

hashtag
Register an App in Azure Active Directory

  1. Navigate to the Azure portal.

  2. Access the Azure Active Directory service.

  3. Click on the Add button.

  4. From the dropdown options, select App registration.

2

hashtag
Complete the App Registration

  1. Enter a name for your application in the Name field.

  2. Select the Supported account types based on your organization's requirements.

  3. Input the Redirect URI where Azure AD will send the authentication response.

  4. In the Callback URL field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region.

Flosum Cloud App
Callback URL

Global Settings

https://global-us.flosum.app/api/v1/auth/login/open-id

Backup & Archive

https://backup-us.flosum.app/api/v1/auth/login/open-id

DevOps

https://devops-us.flosum.app/api/v1/auth/login/open-id

3

hashtag
Set Up Authentication and Logout URL

  1. Navigate to the Authentication section.

  2. In the Logout URL field, add the URL of your region for each Flosum Cloud App you want to use with SSO. See the table below for the URLs for your region. Note: This field is mandatory.

Flosum Cloud App
Sign-Out URL

Global Settings

https://global-us.flosum.app/api/v1/oauth/login

Backup & Archive

https://backup-us.flosum.app/api/v1/oauth/login

DevOps

https://devops-us.flosum.app/api/v1/oauth/login

4

hashtag
Generate a New Client Secret

  1. Proceed to the Certificates & Secret section.

  2. Click New client secret.

  3. Fill in the necessary details.

  4. Click Add to generate the secret.

5

hashtag
Retrieve the Issuer URL

circle-info

You will need the ISSUER_BASE_URL value when creating the Identity Provider in Flosum Global Settings.

  1. Navigate to App registrations in Azure Active Directory.

  2. Select your App Name and go to the Overview section.

  3. Find and copy the ISSUER_BASE_URL, which will appear like https://login.microsoftonline.com/<tenant id>

6

hashtag
Retrieve the Client ID and Client Secret

circle-info

You will need the Application (client) ID and Client Secrets Value when creating the Identity Provider in Flosum Global Settings.

  1. In Azure Active Directory, go to App registrations.

  2. Select your App Name.

  3. Your client ID will be listed under Application (client) ID; copy the value.

  4. In the Certificates & secrets section, find and copy the Value under the Client Secret tab.

hashtag
Create Identity Provider In Global Settings

1

hashtag
Create Identity Provider

Follow the general instructions in the article below to get started creating an OIDC Identity Provider.

  1. Adding an Identity Provider (SSO)

  2. Complete the Basic information section.

    1. Select OPEN_ID for the identity provider Type.

  3. Complete the Button information section.

  4. (Optional) Complete the Group information section.

hashtag
Complete OpenId Information Fields

Copy the information from your Entra ID application into the OpenId Information section. The table explains which Entra ID values to enter into which Flosum Fields. The final screenshot shows a completed identity provider for an Entra ID ODIC application.

The sections above show you how to find the values found in the Entra ID Field/Value column.

Flosum Field
Entra ID Field/Value

Client ID

Application (client) ID

Client Secret

Client Secrets Value

Issuer

ISSUER_BASE_URL

2

hashtag
Save and Test

circle-info

For instructions on logging in with SSO, see the following article.

  1. Click Save to save the identity provider.

  2. To test, open an incognito window.

  3. Start logging in to Global Settings with your tenant name.

  4. If the identity provider was configured successfully, you should see the SSO button you created.

PreviousAWS Cognito - OIDC - ConfigurationNextGoogle IDP - OIDC - Configuration

Last updated

Was this helpful?