Single Sign-on with Microsoft Entra ID (Native)

About Microsoft Entra ID Native Integration

Microsoft Entra ID Native integration in Iru Endpoint lets you set up native Microsoft Entra ID integration for SSO. Users authenticate using their Microsoft Entra ID credentials through OAuth2/OpenID Connect.

How It Works

When users attempt to access Iru Endpoint, they’re redirected to Microsoft Entra ID for authentication using OAuth2/OpenID Connect protocols. After successful authentication, Microsoft Entra ID sends an access token back to Iru Endpoint, which validates the user’s identity and grants access to the platform.

Microsoft Entra ID is the new name for Azure AD (Azure Active Directory)

Because client secrets have a maximum life of 24 months, we recommend that you configure SAML based Single Sign-On instead of using the method described in this document.

Prerequisites

Before you begin, ensure you have:

Access to the Iru web app as an Admin or Account Owner
An administrator account in Microsoft Entra ID with permissions to create app registrations (such as Global Administrator, Application Administrator, or Cloud Application Administrator)

Microsoft Entra ID
Iru Web App

Setting Up Microsoft Entra ID Application

Follow these steps to configure your Microsoft Entra ID application:

Access Microsoft Entra Admin Center

Navigate to Applications

In the left navigation bar, click Applications.

Access App Registrations

Click App Registrations.

Create New Registration

Click New Registration to register a new application.

Name the Application

In the Name field, specify a name for the application (such as “Iru Native SSO”).

Select Account Types

For “Supported account types,” select Accounts in this organizational directory only.

Configure Redirect URIs

In the Redirect URI field, select Web from the dropdown menu, and enter the unique redirect URI for your tenant. You can find your tenant-specific redirect URI by navigating to Your Name → Access → Admin and Authentication, then scroll down to Authentication methods and click + Authentication Method → Microsoft Entra ID. The unique redirect URI will be displayed in the Configuration Information section of the SSO connection.

Settings Access Admin and Authentication page showing Authentication methods section with Microsoft Entra ID option and the redirect URI displayed

Click Register.

Copy Client ID

On the new page, copy the Client ID and save this for later.

Access Certificates and Secrets

Click Certificates and Secrets.

Create New Client Secret

Click New client secret.

Configure Secret Details

Give the client secret a name such as “Iru Native SSO.”

Set Expiration

Set the expiration to 24 months.

Add Secret

Click Add.

Copy Secret Value

Copy the Value of the client secret, and save this for later. Note that the client secret Value is distinct from the client secret ID.

Configuring Iru Endpoint Connection

Follow these steps to configure the connection in Iru:

Navigate to the Account Menu Button

In Iru Endpoint, in the sidebar, click the Account Menu Button.

Access Authentication Settings

Click the Access option in the menu.

Add New Connection

Select the Admin and Authentication tab (selected by default) and scroll down to Authentication methods.

Add Authentication Method

Click + Authentication Method, then enter a display name for the SSO Connection and select Microsoft Entra ID.

Create Connection

Click Create.

After creating the connection, you’ll be presented with Microsoft Entra ID connection and implementation details. At this point, you’ll need to complete the steps in the Microsoft Entra ID tab if you haven’t already.

Follow these steps to complete the configuration:

Configure Connection Name

Customize or use the default Name for the Entra connection (this will be shown on the login page).

Enable Tenant Authentication (Optional)

If desired, enable Tenant Authentication to use Microsoft Entra ID to log into your Iru tenant. You must have a valid Microsoft Entra ID configuration for this to work.

Restrict Tenant Authentication to Specific Domains (Optional)

Optionally, you can restrict your tenant authentication to a subset of domain(s) that you choose to allow authentication from. This will only include domains that your authenticating Microsoft Entra ID administrator account has access to.

Enter Directory Domain

Enter your Entra ID Directory Domain that the application was registered within. Please refer to Microsoft’s documentation to locate your directory domain name.

Enter Client ID

Enter the Client ID you previously copied from the Entra admin center.

Enter Client Secret

Enter the Client Secret you previously copied from the Entra admin center.

Save Configuration

Click Save.

Authorize Connection

After saving, a new dialogue box will appear with a link to authorize your connection. A Microsoft Entra ID administrator for your domain must click the link and complete this process to authorize the application. This box will not go away after authorization is completed.

Complete Authorization

In the new window that launches, sign in and click Accept.

Verify Authorization

After clicking Accept, you will be brought to an authorization success page.

Confirm Setup

Your connection has now been successfully configured and may be enabled and tested.

If you encounter the error “Failed to obtain access token,” it may be because the secret ID was used instead of the correct value.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-On connection, you can disable the Passkey, Google Social, and Microsoft Social connections. Disabling these connections will disable the ability for Iru Endpoint administrators in your tenant to authenticate via those methods. Please refer to our Single Sign-On support article for step-by-step instructions.

Renewing the Client Secret

Create New Client Secret

Follow the steps in the Microsoft Entra ID tab above to create a new client secret. Complete steps “Access Certificates and Secrets” through “Copy Secret Value” to create a new client secret and copy the value.

Navigate to the Account Menu Button

In Iru Endpoint, in the sidebar, click the Account Menu Button.

Access Authentication Settings

Click the Access option in the menu.

Find Authentication Section

Select the Admin and Authentication tab (selected by default) and scroll down to Authentication methods.

Configure SSO Integration

Click on the ellipsis next to the SSO integration that was created earlier in this article, and choose Configure.

Update Client Secret

Replace the Client Secret with the client secret value that was copied earlier.

Save Changes

Click Save.

Test Configuration

Be sure to test the configuration by signing into the Iru Endpoint web app and choosing the Native SSO login option that was created. You’ll want to test this with a private browser window/incognito window and verify that you are able to sign in to the Iru Endpoint web app.

Clean Up Old Secret

You can then optionally delete the previous client secret from the App registration in Entra ID.

Considerations

Security: Ensure that your Microsoft Entra ID tenant has appropriate security policies configured for OAuth2/OpenID Connect authentication. Client Secret Management: Client secrets expire after 24 months and must be renewed regularly. Consider using SAML-based SSO for longer-term solutions. Testing: Always test the SSO integration with a small group of users before rolling out to your entire organization. User Management: Users must exist in both Microsoft Entra ID and Iru Endpoint to successfully authenticate via SSO.

General

Devices

Agent

Blueprints

Enrollment

Library

Deployment Guides

Settings

Endpoint Detection & Response

Integrations

Vulnerability Management

Networking & Connectivity

API

Single Sign-on with Microsoft Entra ID (Native)

About Microsoft Entra ID Native Integration

How It Works

Prerequisites

Setting Up Microsoft Entra ID Application

Configuring Iru Endpoint Connection

Enforcing Single Sign-On

Renewing the Client Secret

Considerations

General

Devices

Agent

Blueprints

Enrollment

Library

Deployment Guides

Settings

Endpoint Detection & Response

Integrations

Vulnerability Management

Networking & Connectivity

API

​About Microsoft Entra ID Native Integration

​How It Works

​Prerequisites

​Setting Up Microsoft Entra ID Application

​Configuring Iru Endpoint Connection

​Enforcing Single Sign-On

​Renewing the Client Secret

​Considerations

About Microsoft Entra ID Native Integration

How It Works

Prerequisites

Setting Up Microsoft Entra ID Application

Configuring Iru Endpoint Connection

Enforcing Single Sign-On

Renewing the Client Secret

Considerations