Azure Entra ID SSO Setup Guide

Complete instructions to configure Single Sign-On for your organization

Overview

This guide will walk you through setting up Azure Entra ID (formerly Azure Active Directory) Single Sign-On integration with your SSO Demo configuration.

What You'll Configure

  • Azure App Registration - Creates an identity for your application in Azure
  • Redirect URI - Tells Azure where to send users after authentication
  • SSO Configuration - Links your Azure app to this demo platform

Authentication Flow

  1. User clicks "Sign In with Microsoft" on your test page
  2. User is redirected to Microsoft login
  3. After authentication, Microsoft redirects back with an authorization code
  4. The app exchanges the code for tokens and displays user information
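The request that steps 1-3 produce, as an added example and not code from the SSO Demo app. It assumes the Microsoft identity platform v2.0 authorize endpoint with PKCE, which SPA-type redirect URIs use, and runs under Node.js; the tenant-type labels and function names are made up for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (buf) => buf.toString("base64url");

// Map the registration's supported account type to the authority path segment.
// The three type labels are names made up for this example.
function authorityFor(tenantType, tenantId) {
  if (tenantType === "single") {
    if (!tenantId) throw new Error("single tenant needs the Directory (tenant) ID");
    return tenantId;
  }
  if (tenantType === "multitenant") return "organizations";
  if (tenantType === "multitenant+personal") return "common";
  throw new Error(`unknown tenant type: ${tenantType}`);
}

// Steps 1-2: build the URL the browser is sent to, plus the secrets kept locally.
function buildAuthRequest({ clientId, redirectUri, tenantType, tenantId }) {
  const codeVerifier = b64url(crypto.randomBytes(32)); // PKCE secret, never sent here
  const codeChallenge = b64url(crypto.createHash("sha256").update(codeVerifier).digest());
  const state = b64url(crypto.randomBytes(16)); // ties the response to this request
  const authority = authorityFor(tenantType, tenantId);
  const url = new URL(`https://login.microsoftonline.com/${authority}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId,
    response_type: "code",
    response_mode: "query",
    redirect_uri: redirectUri, // must equal the SPA redirect URI registered in Azure
    scope: "openid profile email User.Read",
    state,
    code_challenge: codeChallenge,
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), codeVerifier, state };
}

// Step 3: check the redirect before the code is exchanged in step 4.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) {
    throw new Error(`${params.get("error")}: ${params.get("error_description")}`);
  }
  if (params.get("state") !== expectedState) throw new Error("state mismatch");
  const code = params.get("code");
  if (!code) throw new Error("no authorization code in response");
  return code;
}
```

In step 4 the returned code is sent to the token endpoint together with `codeVerifier`; a SPA registration has no client secret to send.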

Prerequisites

Before you begin, make sure you have:

  • Azure Account - Access to an Azure subscription with Entra ID
  • Admin Access - Permission to create App Registrations in your Azure tenant (or have an admin do it for you)
  • SSO Demo Account - A registered account on this platform

Note: If you don't have admin access to create App Registrations, contact your Azure administrator to create one for you.

Azure Portal Setup

Step 1: Access Azure Portal

  1. Go to portal.azure.com
  2. Sign in with your Azure account
  3. In the search bar, type App registrations and select it

Step 2: Create New App Registration

  1. Click + New registration
  2. Enter a name for your app (e.g., "SSO Demo App")
  3. Under Supported account types, select one of:
    • Single tenant - Only users in your organization
    • Multitenant - Users in any Azure AD organization
    • Multitenant + Personal - Includes personal Microsoft accounts
  4. Leave Redirect URI blank for now (we'll add it next)
  5. Click Register

Step 3: Configure Redirect URI (Critical Step)

Important: The redirect URI MUST be configured as a Single-page application (SPA) type, NOT "Web". This is the most common source of errors.

  1. In your App Registration, go to Authentication in the left menu
  2. Click + Add a platform
  3. Select Single-page application (NOT "Web")
  4. Enter your Redirect URI from the SSO Demo app:
    https://www.ssodemoapp.com/t/YOUR_CONFIG_ID

    Replace YOUR_CONFIG_ID with the 8-character ID shown when you create a configuration

  5. Click Configure

Step 4: Copy Application (Client) ID

  1. Go to Overview in your App Registration
  2. Copy the Application (client) ID - you'll need this
  3. If using single tenant, also copy the Directory (tenant) ID

Step 5: Configure API Permissions (Optional)

By default, your app can read basic user profile information. For additional data:

  1. Go to API permissions
  2. Click + Add a permission
  3. Select Microsoft Graph
  4. Choose Delegated permissions
  5. Add permissions as needed:
    • User.Read - Basic profile (included by default)
    • profile - Extended profile info
    • email - User's email address
  6. Click Add permissions

Azure setup complete! You now have an App Registration ready to use with SSO Demo.

App Configuration

Step 1: Create SSO Configuration

  1. Log in to SSO Demo App
  2. Click New Configuration
  3. Note the Redirect URI shown at the top - you need this in Azure
  4. Fill in the configuration:
    • Configuration Name - A friendly name (e.g., "Production SSO")
    • Description - Optional description
    • Application (Client) ID - The GUID from Azure App Registration
    • Tenant Type - Must match your Azure app's supported account types
  5. Click Save Configuration

Step 2: Add Redirect URI to Azure

After saving, copy the Redirect URI from your configuration card and add it to Azure:

  1. Go back to Azure Portal → Your App Registration → Authentication
  2. Under Single-page application, add the redirect URI
  3. Click Save

Remember: The redirect URI in Azure must exactly match the one shown in your configuration, including the protocol (https://) and path.

Testing SSO

Step 1: Open Test URL

  1. From your configuration card, click Open to launch the test page
  2. Or share the URL with users who need to test

Step 2: Sign In

  1. Click Sign In with Microsoft
  2. A popup will appear for Microsoft authentication
  3. Enter your credentials and complete any MFA if required
  4. Accept any consent prompts

Step 3: Verify Connection

After successful authentication, you should see:

  • Status changes to Connected (green)
  • Your name and email displayed
  • Job title and department (if available in your directory)
  • Profile photo (if you have one in Azure AD)

Device Code Flow (Alternative)

If popups don't work (e.g., in embedded browsers), use the Device Code flow instead:

  1. Click Device Code Login
  2. Note the code displayed
  3. On any device, go to microsoft.com/devicelogin
  4. Enter the code and sign in
  5. The test page will automatically update when complete

Troubleshooting

Common Errors

  • Error: AADSTS50011: The redirect URI does not match
    Solution: The redirect URI in Azure doesn't match exactly. Check for typos, trailing slashes, and ensure it's added as SPA type.
  • Error: Cross origin token redemption is permitted only for SPA
    Solution: Your redirect URI is configured as "Web" type instead of "Single-page application". Delete it and re-add as SPA.
  • Error: AADSTS700054: response_type 'token' is not supported
    Solution: Same as above - redirect URI must be SPA type, not Web.
  • Error: AADSTS65001: User or admin has not consented
    Solution: The user needs to consent to permissions, or an admin needs to grant tenant-wide consent.
  • Error: AADSTS700016: Application not found
    Solution: The Client ID is incorrect or the app was deleted. Verify the ID in Azure.
  • Error: AADSTS90002: Tenant not found
    Solution: The Tenant ID is incorrect. Use "organizations" for multi-tenant or verify your tenant ID.
  • Error: Popup blocked
    Solution: Allow popups for this site in your browser, or use Device Code flow instead.
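A small diagnostic for the exact-match rule behind AADSTS50011, as an added example that is not part of the SSO Demo app. The function name is made up, and the config ID `ab12cd34` in the comments is a constructed sample.

```javascript
// Compare the redirect URI registered in Azure with the one the app sends,
// and name the component that breaks the exact string match.
function diffRedirectUri(registered, sent) {
  if (registered === sent) return []; // exact match, nothing to report
  const issues = [];
  if (registered.trim() !== registered || sent.trim() !== sent) {
    issues.push("leading or trailing whitespace");
  }
  let a, b;
  try {
    a = new URL(registered.trim());
    b = new URL(sent.trim());
  } catch {
    return [...issues, "not an absolute URI"];
  }
  if (a.protocol !== b.protocol) issues.push(`scheme: ${a.protocol} vs ${b.protocol}`);
  if (a.host !== b.host) issues.push(`host: ${a.host} vs ${b.host}`);
  const stripSlash = (p) => p.replace(/\/+$/, "");
  if (a.pathname !== b.pathname) {
    if (stripSlash(a.pathname) === stripSlash(b.pathname)) {
      issues.push("trailing slash");
    } else if (a.pathname.toLowerCase() === b.pathname.toLowerCase()) {
      issues.push("path differs only by letter case");
    } else {
      issues.push(`path: ${a.pathname} vs ${b.pathname}`);
    }
  }
  if (a.search !== b.search) issues.push("query string differs");
  if (a.hash !== b.hash) issues.push("fragment differs");
  // The URL parser normalizes scheme/host case and default ports, so the raw
  // strings can still differ even when every parsed component is equal.
  if (issues.length === 0) issues.push("raw strings differ only in spelling the parser normalizes");
  return issues;
}

// Constructed samples:
//   diffRedirectUri("https://www.ssodemoapp.com/t/ab12cd34",
//                   "https://www.ssodemoapp.com/t/ab12cd34/")
//   reports the trailing slash as the only difference.
```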

Checklist

If authentication isn't working, verify:

  • ✓ Redirect URI is added as Single-page application (not Web)
  • ✓ Redirect URI matches exactly (including https://)
  • ✓ Client ID is copied correctly (no extra spaces)
  • ✓ Tenant type matches your Azure app's supported account types
  • ✓ User has permission to sign in to the app
  • ✓ Popups are allowed in your browser

Still Need Help?

If you're still experiencing issues:

  1. Check the browser console (F12 → Console) for detailed error messages
  2. Verify all settings match between Azure and your configuration
  3. Try in an incognito/private browser window
  4. Clear browser cache and cookies