Microsoft Entra ID is an integrated cloud identity and access solution businesses use to manage directories, protect identities, and enable application access. In this article, we will explain the step-by-step process of setting up OpenID Connect (OIDC) Single Sign-On using Microsoft Entra ID. You can learn more about how to configure OIDC SSO in Businessmap here.
Setting Up OIDC SSO with Microsoft Entra ID
1. Log into your account and click on the Microsoft Entra ID icon.
2. From the left-side menu, navigate to the App registrations tab and select "New registration."
3. Create your new app and click on Register.
4. From the Overview tab, copy the Application (client) ID value, and use it as Client id in Businessmap (Administration Panel → Integrations → Applications → OpenID Connect).
5. Go to the Certificates & secrets tab and click on “New client secret.”
Type in a description and select the expiration period:
- 180 days (6 months) (recommended)
- 90 days (3 months)
- 365 days (12 months)
- 545 days (18 months)
- 730 days (24 months)
- Custom
Keep in mind that when this client secret expires, you need to manually update the new value in Businessmap.
Important: Make sure to copy the client secret value because it is only visible upon creation.
6. Go to the Authentication tab and finish setting up your Web application. In the redirect URIs, add — https://{{subdomain}}.kanbanize.com/oidc/logout.
If you have not created a Web application, you can do it by clicking on “Add a platform” with Redirect URI — https://{{subdomain}}.kanbanize.com/oidc/auth. Select ID tokens, and after you have configured it, you need to add https://{{subdomain}}.kanbanize.com/oidc/logout in Redirect URIs.
7. You need to input the Issuer URL in Businessmap. The proper format of the Issuer URL is https://login.microsoftonline.com/{tenant_id}/v2.0. You will find the tenant_id in Microsoft Entra ID → Default Directory → Overview.
8. In the app's Properties tab, you can configure who has access to the app from the “Assignment required” setting. If enabled, only users who have been added to the app will be able to log into the account (from step 6) after authentication.
9. Your complete integration in Businessmap would look like this:
10. You are all set! Your users will now be able to log in to Businessmap through your Microsoft Entra ID account.
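A pre-flight check for the values entered in steps 6 and 7, given as an added example that is not part of the original article or of Businessmap's or Microsoft's tooling. The function names, the tenant ID, and the `acme` subdomain are constructed for illustration. The discovery document is a trimmed stand-in for the JSON an OIDC provider serves at the issuer URL plus `/.well-known/openid-configuration`.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?", re.I)

def expected_redirect_uris(subdomain):
    """Sign-in and logout redirect URIs from step 6 for one subdomain."""
    if not LABEL.fullmatch(subdomain):
        raise ValueError(f"not a valid subdomain label: {subdomain!r}")
    base = f"https://{subdomain}.kanbanize.com/oidc"
    return [f"{base}/auth", f"{base}/logout"]

def missing_redirect_uris(subdomain, registered):
    """Expected URIs absent from the app registration (exact string match)."""
    return [u for u in expected_redirect_uris(subdomain) if u not in registered]

def check_issuer(issuer_url, discovery_doc):
    """Problems with the step 7 Issuer URL; an empty list means it is consistent."""
    problems = []
    parts = urlsplit(issuer_url)
    segments = parts.path.split("/")  # "/<tenant_id>/v2.0" -> ["", tenant_id, "v2.0"]
    if parts.scheme != "https" or parts.netloc != "login.microsoftonline.com":
        problems.append("host must be https://login.microsoftonline.com")
    if len(segments) != 3 or segments[2] != "v2.0":
        problems.append("path must be exactly /{tenant_id}/v2.0")
    elif not GUID.fullmatch(segments[1]):
        problems.append("tenant_id is not a GUID")
    if parts.query or parts.fragment:
        problems.append("no query string or fragment allowed")
    # OIDC Discovery: the metadata "issuer" must equal the configured value exactly.
    if discovery_doc.get("issuer") != issuer_url:
        problems.append("discovery issuer differs from configured issuer")
    return problems

# Constructed sample values (not a real tenant or subdomain).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
# Trimmed stand-in for the JSON served at ISSUER + "/.well-known/openid-configuration".
DISCOVERY = {"issuer": ISSUER}
REGISTERED = ["https://acme.kanbanize.com/oidc/auth"]  # logout URI forgotten

if __name__ == "__main__":
    print(check_issuer(ISSUER, DISCOVERY))             # consistent issuer
    print(check_issuer(ISSUER + "/", DISCOVERY))       # trailing slash pasted
    print(missing_redirect_uris("acme", REGISTERED))   # reports the logout URI
```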