Syntasa offers a variety of Single Sign-On (SSO) options for user login, including Microsoft Entra ID. This means you can leverage your existing Microsoft Entra ID credentials to seamlessly access the Syntasa platform. This simplifies the login process and strengthens security by eliminating the need to manage separate credentials for Syntasa.
Note: SSO configuration involves administrative privileges and should be done following best practices for security. We recommend consulting with a system administrator if needed.
For comprehensive guidance on configuring SSO applications with Microsoft Entra ID, consult the official Microsoft Entra ID documentation on app registration.
Register an Application in Microsoft Entra ID
- Log in to the Azure Portal:
  - Open your web browser and go to the Azure portal.
  - Sign in with your Azure account credentials.
- Navigate to Microsoft Entra ID:
  - In the Azure portal, select the Menu button (three horizontal lines) in the upper-left corner or use the search bar to find "Microsoft Entra ID".
  - Click on Microsoft Entra ID from the list.
- Register a New Application:
  - Go to App Registrations in the left-hand menu.
  - Click on New Registration at the top of the App Registrations page.
  - Fill in the registration form:
    - Name: Enter a meaningful name for your application (e.g., "OIDC Test App").
    - Supported account types: Choose who can use this application:
      - Accounts in this organizational directory only (Single tenant) - Most common
      - Accounts in any organizational directory (Any Azure AD directory - Multitenant).
      - Accounts in any organizational directory and personal Microsoft accounts (e.g., Skype, Xbox).
      - Personal Microsoft accounts only.
    - Redirect URI:
      - Select Platform: Web
      - Redirect URI: Enter the URI where Azure AD will send the authentication response (e.g., https://<syntasa platform>/oauth2/azure/callback).
  - Click Register.
- Configure API Permissions:
  - After registering the application, you'll be redirected to the application's overview page.
  - In the left-hand menu, click on Manage > API permissions.
  - Click on Add a permission.
  - Select Azure Service Management on the right-hand panel.
  - Select user_impersonation permission and click Add Permission.
- Create a Client Secret:
  - In the left-hand menu, click on Certificates & secrets.
  - Under Client Secrets, click on New Client Secret.
  - Add a description for the client secret and set the expiration period as needed.
  - Click Add.
  - Copy the Client secret value immediately and store it securely, as you won't be able to see it again.
  - Both Client Secret Value and Client Secret ID need to be shared with Syntasa for SSO to work.
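The following Python check is an added example, not part of Syntasa's or Microsoft's documentation: it audits the registration's JSON (the application object Microsoft Graph returns, for example from `az ad app show`) against the choices made in the steps above. The sample object, the host name and the 30-day warning window are constructed, and treating any audience other than single tenant as a finding is an assumption based on the option the page marks as most common.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

# Constructed sample of an application object in Microsoft Graph's shape
# (e.g. saved from `az ad app show --id <app-id>`); every value is made up.
SAMPLE_APP = json.loads("""
{
  "displayName": "OIDC Test App",
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": [
    "https://syntasa.example.com/oauth2/azure/callback",
    "http://localhost:8080/oauth2/azure/callback"
  ]},
  "passwordCredentials": [
    {"displayName": "syntasa-sso", "endDateTime": "2025-03-01T00:00:00Z"}
  ]
}
""")

CALLBACK_PATH = "/oauth2/azure/callback"  # path from the Redirect URI step


def audit_registration(app, now, warn_days=30):
    """Return a list of findings for one app registration object."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # assumption: single tenant wanted
        findings.append("audience: not single tenant (%s)" % app.get("signInAudience"))
    for uri in app.get("web", {}).get("redirectUris", []):
        parts = urlsplit(uri)
        if parts.scheme != "https":
            findings.append("redirect: not https: " + uri)
        elif "*" in uri or parts.path != CALLBACK_PATH:
            findings.append("redirect: unexpected URI: " + uri)
    for cred in app.get("passwordCredentials", []):
        # Keep only the seconds-precision part so fractional timestamps parse too.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        label = cred.get("displayName") or "unnamed"
        if end <= now:
            findings.append("secret: expired: " + label)
        elif end - now <= timedelta(days=warn_days):
            findings.append("secret: expires within %d days: %s" % (warn_days, label))
    return findings


if __name__ == "__main__":
    now = datetime(2025, 2, 10, tzinfo=timezone.utc)  # constructed "today"
    for finding in audit_registration(SAMPLE_APP, now):
        print(finding)
```

An expired client secret stops SSO logins, so running a check like this on a schedule gives time to rotate the secret and share the new value before the old one lapses.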
Summary
- Register an Application in Microsoft Entra ID: Set up a new application registration and set up the redirect URI.
- Configure API Permissions: Grant necessary permissions for the application.
- Create a Client Secret: Generate a client secret for the application.
- Share the following details with Syntasa: ClientID, Client Secret, Domain