Single Sign On with Entra ID (Azure AD)

It is possible to connect the online platform to Entra ID (the new name for Azure Active Directory). This allows users to log in with their Microsoft account. This connection can be realized in two different ways:

  1. Connection using the Toolsfactory application from the Microsoft Entra gallery.
  2. Connection using a self-created Entra application, where a new client-secret has to be created every year.

The first option is the easiest to set up and has the lowest chance of problems.

To activate the connection, we need the “Tenant ID”. You don’t have to install the app yourself in Entra.

  • Visit the Entra admin center https://entra.microsoft.com
  • Select Overview from the menu.
  • Verify that the correct Azure tenant name is displayed.
  • Send the “Tenant ID” to your contact person at Toolsfactory or to help@toolsfactory.nl.

After the first user has used the SSO login, the application appears in the Entra admin environment and you can change settings, such as which users are allowed to log in.

2. Create an app in Entra

This method is discouraged because Toolsfactory has no visibility into the expiration date of the client secret. When the client secret expires, users are unexpectedly unable to log in.

To enable SSO with Entra ID accounts you need to create an application in Azure Active Directory.

  • Click “New registration” at the top of the screen.
  • Type a name for the app.
  • Choose which account types can use the app.
  • For Redirect URI select ‘Web’ and fill in the URL below. Replace DOMAIN-NAME with the domain name of the environment.

https://DOMAIN-NAME/users/auth/microsoft_graph_auth/callback

  • Click ‘Register’ at the bottom of the page.
  • The overview page appears. Copy the ‘Application (client) ID’ and save it in a separate document. Note in the document that this is the Application ID.
  • Also copy the ‘Directory (tenant) ID’ and save it in the same document. Note in the document that this is the Directory ID.

  • Select ‘Certificates & secrets’.
  • Under Client secrets, click ‘New client secret’.
  • Type a description and select when the client secret expires. If you choose ‘Custom’, you can pick a date far in the future. Note: if you choose a shorter period, the client secret has to be renewed before the period expires.
  • Click ‘Add’.

  • Copy the value of the client secret by clicking the button next to the value and paste it into the document. Note in the document that this is the client secret.

NOTE: Copy the value of the client secret, not its ID. The value of the client secret is never shown again, so this is the only opportunity to copy it!

You now have a document with three values:

  • Application (client) ID
  • Directory (tenant) ID
  • Client secret value

Send these values to your contact person at Toolsfactory. We will configure the environment.

NOTE: As soon as the client secret expires, users can no longer log in. Make sure to provide a new client secret to Toolsfactory in time so users are not affected.
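
Because only the customer can see when the client secret expires, the expiry can be monitored on the customer side. The Python example below is an addition to this page, not Toolsfactory or Microsoft code; it classifies the entries in an app registration's `passwordCredentials` list as Microsoft Graph returns them. The sample JSON, all IDs, names and dates, and the 30-day warning window are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape Microsoft Graph returns for
# GET /v1.0/applications?$filter=appId eq '<Application (client) ID>'
# Every ID, name and date below is a placeholder, not a real value.
SAMPLE_APP = json.loads("""
{
  "displayName": "SSO app (example)",
  "passwordCredentials": [
    {"keyId": "11111111-1111-1111-1111-111111111111",
     "displayName": "secret 2023", "endDateTime": "2024-03-01T00:00:00Z"},
    {"keyId": "22222222-2222-2222-2222-222222222222",
     "displayName": "secret 2024", "endDateTime": "2025-02-10T09:30:00.1234567Z"},
    {"keyId": "33333333-3333-3333-3333-333333333333",
     "displayName": "secret 2025", "endDateTime": "2026-01-01T00:00:00Z"}
  ]
}
""")


def parse_graph_time(value):
    """Parse a UTC Graph timestamp, dropping optional fractional seconds."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def secret_report(app, now, warn_days=30):
    """Classify each client secret as expired, expiring or ok, soonest first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        days_left = (parse_graph_time(cred["endDateTime"]) - now).days
        if days_left < 0:
            status = "expired"
        elif days_left <= warn_days:  # assumed warning window
            status = "expiring"
        else:
            status = "ok"
        rows.append({"secret_id": cred["keyId"], "name": cred.get("displayName"),
                     "days_left": days_left, "status": status})
    return sorted(rows, key=lambda r: r["days_left"])


if __name__ == "__main__":
    for row in secret_report(SAMPLE_APP, datetime.now(timezone.utc)):
        print(row)
```

The `secret_id` in each row is the ID of the secret, not its value, so the report can be stored or shared without exposing the secret itself.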

SCIM

With the Microsoft Entra SCIM implementation, it is possible to synchronise users between Entra ID and our application. For example, employees who are removed from Entra ID (because they have left the company) are also removed from our application.

We support this connection. See the Microsoft documentation for more information. Contact us to activate the connection.
