Entra SSO Setup
Entra Configuration
To utilize Entra as an option for OIDC authentication, a new App Registration is required.
To create a new App Registration, navigate to portal.azure.com and find and click on the Microsoft Entra ID service.
Once on the main Entra page, use the left navigation to find and click on the App Registration menu item.
Once loaded, click on + New registration.
On the next page, have the client enter a meaningful name for this app registration. For the Redirect URL, select Web and enter their domain followed by the path /identity/signin-customoidc, as in the example below:
https://<client’sdomain>:19443/identity/signin-customoidc
Once created, the client will be redirected to the page for the new app registration. Note that there are 2 values here needed for the Marquis setup: Application (client) ID and Directory (tenant) ID. The names of these values match where they are needed in the setup. Then have them click the Authentication menu item in the left navigation.
Once loaded, have them scroll down until they see 2 check boxes, one for Access Tokens and one for ID tokens. The Access Tokens box is the only one that should be checked.
The last thing that needs to be configured is a secret. To do this, navigate to Certificates & secrets on the left navigation, and click on + New client secret. A side menu will pop up, and only a meaningful name and time limit (set by the client) are needed. It is important for the client to note when the secret expires, because a new secret will need to be created and added into the app at that point.
Once created, the Value will only be available while the client is on this screen. Once they navigate away, the secret is no longer visible and cannot be copied, so it is important for them to copy the secret at this point.
This completes the Entra setup.
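To confirm the finished registration matches the steps above and to catch the secret expiry before sign-in breaks, the check below can be run against the application object exported from Entra. It is an added example, not part of the Marquis product or documentation. It assumes the JSON shape of the Microsoft Graph application resource (for example the output of az ad app show --id <Application (client) ID>), that the app uses the latest-expiring secret, and the domain sso.example.com and the sample data are constructed.

```python
from datetime import datetime, timedelta, timezone

PORT, PATH = 19443, "/identity/signin-customoidc"  # from the redirect URL on this page

# Constructed sample of a Graph application object (placeholder IDs, not real data).
SAMPLE = {
    "appId": "00000000-0000-0000-0000-000000000000",
    "web": {
        "redirectUris": ["https://sso.example.com:19443/identity/signin-customoidc"],
        "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                  "enableIdTokenIssuance": False},
    },
    "passwordCredentials": [{"displayName": "marquis-sso",
                             "endDateTime": "2025-01-15T00:00:00Z"}],
}

def parse_ts(value):
    """Parse a UTC Graph timestamp, with or without (up to 7) fractional digits."""
    head, _, frac = value.replace("+00:00", "").rstrip("Z").partition(".")
    dt = datetime.strptime(head, "%Y-%m-%dT%H:%M:%S")
    return dt.replace(microsecond=int(frac[:6].ljust(6, "0")) if frac else 0,
                      tzinfo=timezone.utc)

def check_registration(app, domain, now=None, warn_days=30):
    """Return findings; an empty list means the registration matches the steps above."""
    now = now or datetime.now(timezone.utc)
    findings = []
    web = app.get("web") or {}
    expected = f"https://{domain}:{PORT}{PATH}"
    if expected not in (web.get("redirectUris") or []):
        findings.append(f"missing Web redirect URL {expected}")
    grants = web.get("implicitGrantSettings") or {}
    if not grants.get("enableAccessTokenIssuance"):
        findings.append("Access tokens box is not checked")
    if grants.get("enableIdTokenIssuance"):
        findings.append("ID tokens box is checked")
    # Graph never returns secret values, only metadata such as endDateTime.
    ends = [parse_ts(c["endDateTime"]) for c in app.get("passwordCredentials") or []]
    live = [e for e in ends if e > now]
    if not live:
        findings.append("no unexpired client secret")
    elif max(live) - now < timedelta(days=warn_days):
        findings.append(f"client secret expires in {(max(live) - now).days} days")
    return findings

if __name__ == "__main__":
    for finding in check_registration(SAMPLE, "sso.example.com"):
        print("FINDING:", finding)
```
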