About Microsoft Entra ID Native Integration

The Microsoft Entra ID native integration in Iru Endpoint lets you set up single sign-on (SSO) with Microsoft Entra ID. Users authenticate using their Microsoft Entra ID credentials through OAuth2/OpenID Connect.

How It Works

When users attempt to access Iru Endpoint, they’re redirected to Microsoft Entra ID for authentication using OAuth2/OpenID Connect protocols. After successful authentication, Microsoft Entra ID sends an access token back to Iru Endpoint, which validates the user’s identity and grants access. SSO can be used for Iru Endpoint Web App sign-in and for Require Authentication with Automated Device Enrollment.
Microsoft Entra ID is the new name for Azure AD (Azure Active Directory).
Because client secrets have a maximum life of 24 months, we recommend that you configure SAML based Single Sign-On instead of using the method described in this document.

Prerequisites

Before you begin, ensure you have:
  • Access to the Iru Endpoint Web App as an Admin or Account Owner
  • An administrator account in Microsoft Entra ID with permissions to create app registrations (such as Global Administrator, Application Administrator, or Cloud Application Administrator)

Configuring Iru Endpoint Connection

Follow these steps to configure the connection in Iru:
1. Navigate to the Account Menu Button
   In Iru Endpoint, in the sidebar, click the Account Menu Button.
2. Access Authentication Settings
   Click the Access option in the menu.
3. Select Admin and Authentication
   Select the Admin and authentication tab (selected by default) and scroll down to Authentication methods.
4. Add Authentication Method
   Click + Authentication method.
5. Enter Display Name
   Enter a display name for the SSO Connection.
6. Select Authentication Method
   Select Microsoft Entra ID for the Authentication method.
7. Create Connection
   Click Create.
8. Copy Redirect URL
   Copy the Redirect URL into a text document for later use. You’ll need this for the Microsoft Entra ID configuration.
9. Keep Tab Open
   Keep the Iru Web App configuration modal open, then switch to the Microsoft Entra ID Configuration tab to continue.

After completing the Microsoft Entra ID configuration, return here to finish setting up the SSO connection in Iru Endpoint. You’ll need the Client ID and Client secret you copied from Microsoft Entra ID.

Follow these steps to complete the configuration:
1. Enter Directory Domain
   In the Microsoft Entra ID Domain field, enter the Tenant ID of the tenant in which the application was registered. Please refer to Microsoft’s documentation to locate your Tenant ID.
2. Enter Client ID
   Enter the Client ID you previously copied from the Entra admin center.
3. Enter Client Secret
   Enter the Client Secret you previously copied from the Entra admin center.
4. Save Configuration
   Click Save.
5. Authorize Connection
   After saving, a new dialogue box will appear with a link to authorize your connection. A Microsoft Entra ID administrator for your domain must click the link and complete this process to authorize the application. This box will not go away after authorization is completed.
6. Complete Authorization
   In the new window that launches, sign in and click Accept.
7. Verify Authorization
   After clicking Accept, you will be brought to an authorization success page.
8. Confirm Setup
   Your connection has now been successfully configured and may be enabled and tested.

If you encounter the error “Failed to obtain access token,” the likely cause is that the client secret’s ID was entered in the Client Secret field instead of the client secret’s value.

Allow for Tenant Authentication

Once you have configured the SAML connection in Iru Endpoint and your identity provider, you can allow its use for tenant authentication. For step-by-step instructions, please refer to the Allowing Tenant Authentication and Managing Connections section in our Single Sign-on support article.

Limit Authentication to Domain

When configuring the SAML connection, you can optionally limit authentication to one or more domains. This can be useful when the SSO connection could authenticate to multiple domains. You can limit the authentication to your Iru tenant to a subset of the available domains.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-on connection, you can disable Passkey, Google Social, and Microsoft Social connections. Disabling these connections will disable the ability for Iru Endpoint administrators in your tenant to authenticate via those methods. Please refer to our Single Sign-on support article for step-by-step instructions.

Renewing the Client Secret

1. Create New Client Secret
   Follow the steps in the Microsoft Entra ID Configuration tab above to create a new client secret. Complete steps “Access Certificates and Secrets” through “Copy Secret Value” to create a new client secret and copy the value.
2. Navigate to Admin and authentication
   After copying the value, return to the Iru Web App Configuration tab and follow steps 1-3 from the Configuring Iru Endpoint Connection section.
3. Select SSO Integration
   Click on the ellipsis next to the SSO integration that was created earlier in this article.
4. Edit SSO Integration
   Choose Edit.
5. Edit Client Secret
   Click the Edit client secret button.
6. Update Client Secret
   Paste the new Client secret value that was copied earlier.
7. Save Changes
   Click Save.
8. Test Configuration
   Be sure to test the configuration by signing into the Iru Endpoint web app and choosing the Native SSO login option that was created. You’ll want to test this with a private browser window/incognito window and verify that you are able to sign in to the Iru Endpoint web app.
9. Clean Up Old Secret
   You can then optionally delete the previous client secret from the App registration in Entra ID.

Considerations

  • Security: Ensure that your Microsoft Entra ID tenant has appropriate security policies configured for OAuth2/OpenID Connect authentication.
  • Client Secret Management: Client secrets expire after 24 months and must be renewed regularly. Consider using SAML-based SSO for longer-term solutions.
  • Testing: Always test the SSO integration with a small group of users before rolling out to your entire organization.
  • User Management: Users must exist in both Microsoft Entra ID and Iru Endpoint to successfully authenticate via SSO.
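
To catch an expiring client secret before SSO sign-in breaks, the check below classifies each secret on the app registration by time remaining, reports whether a replacement exists before the old secret is deleted, and flags a pasted credential that is shaped like a Secret ID rather than a secret value. It is an added example, not code from Iru or Microsoft; it assumes input shaped like the `passwordCredentials` array of a Microsoft Graph application object (for instance from `az ad app show --id <client-id> --query passwordCredentials`), and the sample records and the 60-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the passwordCredentials array of a Microsoft
# Graph application object. Names, IDs and dates are invented for this example.
SAMPLE = json.loads("""[
 {"keyId": "11111111-2222-3333-4444-555555555555", "displayName": "sso-2021",
  "endDateTime": "2023-06-01T00:00:00Z"},
 {"keyId": "66666666-7777-8888-9999-000000000000", "displayName": "sso-2023",
  "endDateTime": "2025-03-01T00:00:00Z"},
 {"keyId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "displayName": "sso-2025",
  "endDateTime": "2027-01-10T00:00:00.0000000Z"}
]""")

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def parse_end(value):
    # Keep the first 19 characters (YYYY-MM-DDTHH:MM:SS) so fractional seconds
    # and the zone suffix are ignored; the timestamp is assumed to be UTC.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def secret_status(creds, now, warn_days=60):
    """Return (name, state, days_left) per secret; state is expired/expiring/ok."""
    rows = []
    for cred in creds:
        left = parse_end(cred["endDateTime"]) - now
        if left <= timedelta(0):
            state = "expired"
        elif left <= timedelta(days=warn_days):
            state = "expiring"
        else:
            state = "ok"
        rows.append((cred.get("displayName") or cred["keyId"], state, left.days))
    return rows


def old_secrets_removable(creds, now, warn_days=60):
    """True once a replacement secret valid beyond the warning window exists."""
    return any(state == "ok" for _, state, _ in secret_status(creds, now, warn_days))


def looks_like_secret_id(pasted):
    """Heuristic: a GUID-shaped string is the Secret ID, not the secret value."""
    return bool(GUID_RE.match(pasted.strip()))


if __name__ == "__main__":
    for name, state, days in secret_status(SAMPLE, datetime.now(timezone.utc)):
        print(f"{name:10} {state:9} {days:6d} days")
```

Run on a schedule, the "expiring" state gives lead time to complete the renewal steps above, and the GUID check can be applied to the credential before it is pasted into the Client Secret field.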