Microsoft Entra ID - OIDC

Learn how to set up OpenID Connect (OIDC) Single Sign-On (SSO) using Microsoft Entra ID, with step-by-step instructions for app registration and OIDC configuration.

This guide walks you through configuring Microsoft Entra ID as your OIDC identity provider. You’ll create an app registration, provide OIDC values in the SSO Configuration Portal, map required claims, assign access, test the connection, and enable Single Sign-On.

  1. Sign in to Microsoft Entra ID in the Microsoft Azure Portal. Go to App registrations and click New registration to create a new app.


    Set the Application name. Set Supported Account Types to Single tenant only.

    From the SSO Configuration Portal, copy the Redirect URI from Service Provider Details.

    In Entra ID, under the Redirect URI section, select Web and paste the copied redirect URI, then click Register.

  2. From the application’s Overview page in Entra ID, copy the Application (client) ID.

    Go to Certificates & secrets, click New client secret, create a client secret, and copy it.

    Add the Client ID and Client Secret in the SSO Configuration Portal.

  3. In Entra ID, navigate to the application’s Overview page and open Endpoints. Copy the OpenID Connect metadata document URL.

    Paste the copied URL into the Issuer URL field in the SSO Configuration Portal and click Update.

  4. Go to Token configuration and click Add optional claim. Select token type ID, then add these claims: email, family_name, and given_name.


  5. In Entra ID, navigate to Enterprise applications and select the recently created OIDC app.

    Then navigate to Users and groups and click Add user/group.

    Assign the required users or groups, and save the assignment.

  6. In the SSO Configuration Portal, click Test Connection to verify your configuration.

  7. Once the test succeeds, click Enable Connection.

    This completes the Microsoft Entra ID OIDC SSO setup for your application.
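A pre-flight check for the values gathered in steps 1 to 4, as an added example that is not part of the original guide or the product's own code: it confirms the metadata URL is tenant-specific (matching the single-tenant registration), that the ID token's `iss` and `aud` match the issuer and the Application (client) ID, and that the `email`, `family_name` and `given_name` claims are present. The function names, the tenant and client IDs, and the sample token are constructed for illustration, and the `login.microsoftonline.com/{tenant}/v2.0` URL shape is assumed; the token is decoded for inspection only, without signature verification.

```python
import base64
import json
from urllib.parse import urlparse

REQUIRED_CLAIMS = ("email", "family_name", "given_name")  # optional claims from step 4
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_payload(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_setup(metadata_url, issuer, client_id, id_token):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    url = urlparse(metadata_url)
    segments = [s for s in url.path.split("/") if s]
    if url.scheme != "https" or not url.path.endswith("/.well-known/openid-configuration"):
        problems.append("not an https OpenID Connect metadata document URL")
    if segments and segments[0].lower() in MULTI_TENANT_ALIASES:
        problems.append("metadata URL uses a multi-tenant alias, not a tenant ID")
    claims = decode_payload(id_token)
    if claims.get("iss") != issuer:
        problems.append("iss does not match the issuer in the metadata document")
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    problems += [f"missing claim: {c}" for c in REQUIRED_CLAIMS if not claims.get(c)]
    return problems

# Constructed sample values (placeholders, not from a real tenant).
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
ISSUER = f"https://login.microsoftonline.com/{TENANT}/v2.0"
METADATA_URL = f"{ISSUER}/.well-known/openid-configuration"

def sample_token(**overrides):
    """Build an unsigned, constructed ID token so the checks can run offline."""
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "email": "user@example.com",
              "family_name": "Doe", "given_name": "Jane", **overrides}
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])

if __name__ == "__main__":
    print(check_setup(METADATA_URL, ISSUER, CLIENT_ID, sample_token()))
    print(check_setup(METADATA_URL.replace(TENANT, "common"), ISSUER, CLIENT_ID,
                      sample_token(email=None, aud="other-app")))
```
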