
About Microsoft Entra ID Native Integration

The Microsoft Entra ID Native integration in Iru Endpoint provides SSO, letting users authenticate with their Microsoft Entra ID credentials through OAuth2/OpenID Connect.

How It Works

When users attempt to access Iru Endpoint, they’re redirected to Microsoft Entra ID for authentication using OAuth2/OpenID Connect protocols. After successful authentication, Microsoft Entra ID sends an access token back to Iru Endpoint, which validates the user’s identity and grants access to the platform.
Note: Microsoft Entra ID is the new name for Azure AD (Azure Active Directory).
Because client secrets have a maximum life of 24 months, we recommend that you configure SAML based Single Sign-On instead of using the method described in this document.

Setting Up Microsoft Entra ID Application

1

Access Microsoft Entra Admin Center

2

Navigate to Applications

In the left navigation bar, click Applications.
3

Access App Registrations

Click App Registrations.
4

Create New Registration

Click New Registration to register a new application.
5

Name the Application

In the Name field, specify a name for the application (such as “Iru Endpoint Native SSO”).
6

Select Account Types

For “Supported account types,” select Accounts in this organizational directory only.
7

Configure Redirect URI

In the Redirect URI field, select Web from the dropdown menu, and enter one of the following values, depending on where your Iru Endpoint tenant is hosted.
  • If your tenant is hosted in the US, use the following URI:
    https://auth.kandji.io/login/callback
    
  • If your tenant is hosted in the EU, use the following URI:
    https://auth.eu.kandji.io/login/callback
    
8

Register Application

Click Register.
9

Copy Client ID

On the new page, copy the Client ID and save this for later.
10

Access Certificates and Secrets

Click Certificates and Secrets.
11

Create New Client Secret

Click “New client secret.”
12

Configure Secret Details

Give the client secret a name such as “Iru Endpoint Native SSO.”
13

Set Expiration

Set the expiration to 24 months.
14

Add Secret

Click Add.
15

Copy Secret Value

Copy the Value of the client secret, and save this for later. Note that the client secret Value is distinct from the client secret ID.

Configuring Iru Endpoint Connection

1

Navigate to Settings

Navigate to the Settings page.
2

Access Authentication Settings

Click the Access tab.
3

Add New Connection

Find the Authentication section and click the Add button at the bottom left of the authentication section.
4

Select Microsoft Entra ID

In the new blade, click on the Microsoft Entra ID connection option.
5

Continue Setup

Click Next.
6

Configure Connection Name

Customize or use the default Name for the Entra connection (this will be shown on the login page).
7

Enter Directory Domain

Enter the Entra ID Directory Domain that the application was registered within. Please refer to Microsoft’s documentation to locate your directory domain name.
8

Enter Client ID

Enter the Client ID you previously copied from the Entra admin center.
9

Enter Client Secret

Enter the Client Secret you previously copied from the Entra admin center.
10

Save Configuration

Click Save.
11

Authorize Connection

After saving, a new dialogue box will appear with a link to authorize your connection. A Microsoft Entra ID administrator for your domain will need to click the link and complete this process to authorize the application. This box will not go away after authorization is completed.
12

Complete Authorization

In the new window that launches, sign in and click accept.
13

Verify Authorization

After clicking Accept, you will be brought to an authorization success page.
14

Confirm Setup

Your connection has now been successfully configured and may be enabled and tested.
If you encounter the error “Failed to obtain access token,” it may be because the client secret ID was entered instead of the client secret Value.

Enabling the Connection

Once you have configured the connection in Iru Endpoint and your identity provider, you can enable it. For step-by-step instructions, please refer to our Single Sign-On support article.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-On connection, you can disable the Standard Authentication connection. Disabling Iru Endpoint standard authentication removes the ability for Iru Endpoint administrators in your tenant to authenticate via Email/Password, Google Sign in, or Office 365 Sign in. Please refer to our Single Sign-On support article for step-by-step instructions.

Renewing the Client Secret

1

Create New Client Secret

Follow steps 9-14 in the Setting Up Microsoft Entra ID Application section of this article to create a new client secret and copy the value as shown in step 14.
2

Navigate to Settings

In the Iru Endpoint web app, navigate to the Settings page.
3

Access Authentication Settings

Click the Access tab.
4

Find Authentication Section

Find the Authentication section.
5

Configure SSO Integration

Click on the ellipsis next to the SSO integration that was created earlier in this article, and choose Configure.
6

Update Client Secret

Replace the Client Secret with the client secret value that was copied earlier.
7

Save Changes

Click Save.
8

Test Configuration

Be sure to test the configuration by signing into the Iru Endpoint web app and choosing the Native SSO login option that was created. You’ll want to test this with a private browser window/incognito window and verify that you are able to sign in to the Iru Endpoint web app.
9

Clean Up Old Secret

You can then optionally delete the previous client secret from the App registration in Entra ID.
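
The renewal procedure above only works if someone notices the 24-month expiry in time. As an added example (not Iru or Microsoft code), this Python check reads application records in the shape Microsoft Graph returns and flags expired or soon-to-expire client secrets, plus older secrets still active after a renewal. The sample data, the 60-day threshold and the status labels are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph response to
# GET /v1.0/applications?$select=displayName,appId,passwordCredentials
# (all IDs and dates below are placeholders, not real values).
SAMPLE = json.loads("""
{"value": [{
  "displayName": "Iru Endpoint Native SSO",
  "appId": "00000000-0000-0000-0000-000000000000",
  "passwordCredentials": [
    {"keyId": "11111111-1111-1111-1111-111111111111",
     "endDateTime": "2025-03-01T00:00:00Z"},
    {"keyId": "22222222-2222-2222-2222-222222222222",
     "endDateTime": "2027-02-01T00:00:00.0000000Z"}
  ]}]}
""")

def parse_ts(value):
    # Graph timestamps are UTC ISO 8601, optionally with fractional seconds.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_secrets(response, now, warn_days=60):
    """Return (appId, keyId, status) findings for each app registration."""
    findings = []
    for app in response.get("value", []):
        creds = [(parse_ts(c["endDateTime"]), c["keyId"])
                 for c in app.get("passwordCredentials", [])]
        active = sorted((end, key) for end, key in creds if end > now)
        for end, key in creds:
            if end <= now:
                findings.append((app["appId"], key, "expired"))
            elif end - now <= timedelta(days=warn_days):
                findings.append((app["appId"], key, "expiring"))
        if not active:
            # No unexpired secret: the token exchange with Entra ID cannot succeed.
            findings.append((app["appId"], None, "no-valid-secret"))
        # Every active secret except the newest is a leftover from a renewal.
        for end, key in active[:-1]:
            findings.append((app["appId"], key, "cleanup-candidate"))
    return findings

if __name__ == "__main__":
    for finding in audit_secrets(SAMPLE, datetime.now(timezone.utc)):
        print(finding)
```

Treat a "cleanup-candidate" as safe to delete only after the new secret Value has been saved in Iru Endpoint and a test sign-in has succeeded.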

Considerations

  • Security: Ensure that your Microsoft Entra ID tenant has appropriate security policies configured for OAuth2/OpenID Connect authentication.
  • Client Secret Management: Client secrets expire after 24 months and must be renewed regularly. Consider using SAML-based SSO for longer-term solutions.
  • Testing: Always test the SSO integration with a small group of users before rolling out to your entire organization.
  • User Management: Users must exist in both Microsoft Entra ID and Iru Endpoint to successfully authenticate via SSO.