
Microsoft Entra ID

Microsoft Entra ID can be configured as the Identity Provider for OIDC, which is an authentication protocol that securely verifies user identities through a trusted provider. This document explains how to obtain the required credentials from the Microsoft Azure Portal. Refer to the OIDC Setup guide to configure OIDC in your application.

Generating Client ID and Client Secret on Microsoft Azure Portal

  1. Go to ToolJet > Workspace Settings > Workspace login > Enable OpenID Connect > Add provider.
    (Example URL - https://app.corp.com/demo-workspace/workspace-settings/workspace-login)

  2. Without entering any details, click Save changes to generate and copy the Redirect URL.

  3. Go to Microsoft Azure Portal and navigate to Manage Microsoft Entra ID.

  4. Register your application or create a new one by clicking on Add > App Registration.

  5. Fill in the details as per your requirements. In the Redirect URI, enter the Redirect URL you got from ToolJet and click on Register.

  6. You can find the Client ID on the Application's Overview tab. To get the Client Secret, go to the application's Overview tab > Manage > Client credentials > Add a certificate or secret > New client secret. Copy the value field.

  7. Enter the Client ID and Client Secret in the OIDC configuration modal in ToolJet.

  8. The Well-known URL will be:

    https://login.microsoftonline.com/<directory(tenant)-id>/v2.0/.well-known/openid-configuration

    You can find the Directory (tenant) ID on the Overview tab of your application in Azure.

You should now be able to log in to your ToolJet workspace using Microsoft Entra ID.


Configuring Group Sync using Microsoft Entra ID

  1. Go to Azure Portal > Enterprise Applications > Your application.

  2. In the left panel, go to Manage > Single sign-on > Attributes & Claims > Edit > Add a group claim > Click on Go to Token configuration.

  3. Click on Add groups claim > All groups (You can choose the group type according to your need) and click Add. A claim named groups will be created.

  4. Go to Azure Portal > Groups > All groups. Select the group you want to create a mapping for and copy the Object ID.

  5. Go to ToolJet > Workspace Settings > Workspace login > OpenID Connect > Your Microsoft Entra ID OIDC Configuration > Enable Group Sync. (Example URL - https://app.corp.com/demo-workspace/workspace-settings/workspace-login)

  6. Enter the Claim Name as groups. If the name you got in Step 3 was different, enter that.

  7. The Group mapping will be as follows:

    Object ID from Step 4 -> ToolJet group name
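To check a group mapping before relying on it, the sketch below reads the groups claim from an ID token payload and resolves it against an Object ID -> group name table. It is an added example, not ToolJet's code: it also flags the case where Entra ID leaves out the groups claim for users in too many groups (signalled by `_claim_names` or `hasgroups`), which would otherwise look like a user with no groups. The Object IDs, group names, tokens and helper names are constructed for illustration.

```python
import base64
import json

# Hypothetical mapping as entered in step 7: Entra group Object ID -> ToolJet group name.
GROUP_MAP = {
    "11111111-1111-1111-1111-111111111111": "admin",
    "22222222-2222-2222-2222-222222222222": "builders",
}

def jwt_payload(token):
    """Decode the payload segment of a JWT for inspection only (no signature check)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def resolve_groups(claims, claim_name="groups", group_map=GROUP_MAP):
    """Return (mapped group names, unmapped Object IDs, overage flag)."""
    # Overage: the claim is replaced by a pointer instead of the list of Object IDs.
    overage = claim_name in claims.get("_claim_names", {}) or bool(claims.get("hasgroups"))
    ids = claims.get(claim_name, [])
    if isinstance(ids, str):  # tolerate a single value instead of a list
        ids = [ids]
    mapped = sorted({group_map[i] for i in ids if i in group_map})
    unmapped = [i for i in ids if i not in group_map]
    return mapped, unmapped, overage

def make_token(claims):
    """Build a constructed sample token; the signature part is a dummy string."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'RS256'})}.{enc(claims)}.constructed-signature"

# Constructed sample tokens (not real Entra ID output).
NORMAL = make_token({"sub": "user-a", "groups": [
    "11111111-1111-1111-1111-111111111111",
    "33333333-3333-3333-3333-333333333333",
]})
OVERAGE = make_token({"sub": "user-b", "_claim_names": {"groups": "src1"}})

if __name__ == "__main__":
    for name, token in (("normal", NORMAL), ("overage", OVERAGE)):
        mapped, unmapped, overage = resolve_groups(jwt_payload(token))
        print(f"{name}: mapped={mapped} unmapped={unmapped} overage={overage}")
```

An unmapped Object ID usually means a missing row in the mapping; an overage flag means the group list has to come from somewhere other than the token, or the claim should be narrowed in step 3.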