How To Set Up Your Own Microsoft App (OpenID Connect)

Step 1

Log in to your Azure Portal:

https://portal.azure.com/


Step 2

Go to Azure Active Directory, and then go to App Registrations.

Step 3

Click New Registration

Step 4

  • Enter a name for your application (we recommend using your organization name)
  • Select Single Tenant for the supported account types.
  • Set the Redirect URI to:

    https://api.logonlabs.com/callback

Note: For the Microsoft Enterprise Provider, please ensure that the account type is Single Tenant. This restricts login to your domain only, whereas “Multitenant” will allow any Microsoft user to log in.

Step 5

  • Click Register. After the application is created, take note of the Application (client) ID shown on the Overview page.

Step 6

  • Click on Endpoints, and copy down the following:
    • OAuth 2.0 authorization endpoint (v2)
    • OAuth 2.0 token endpoint (v2)

Step 7

  • Click on Certificates & Secrets, and then click on New client secret. Enter a description, set your desired expiry, and then click Add.

Step 8

  • Your Secret value will be generated automatically. Copy this value down immediately: it is hidden permanently once you navigate away from the page, and if it is lost you must generate a new secret.

Step 9

LogonLabs Setup:

  1. Go to logonlabs.com
  2. Click Sign In and authenticate (or click Sign Up to make a new account and authenticate)
  3. Navigate to Default Rules (or Domain Rules and open/create a domain module)
  4. Click on the Microsoft button under Enterprise Identity Providers
  5. Choose OpenID Connect.
  6. Click Add.
  7. Enter a name.
  8. Enter a description (optional).
  9. Enter the OAuth 2.0 Authorization Endpoint (v2) value from the Endpoints page in Azure.
  10. Enter the OAuth 2.0 Token Endpoint (v2) value from the Endpoints page in Azure.
  11. Enter the Application (client) ID from the Overview page in Azure.
  12. Enter the Client Secret that you generated and saved above.
  13. Click Add
  14. Enable Microsoft by clicking the new entry in the Microsoft Identity Providers list
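
A sanity check for the two endpoint values copied in Step 6, to run before entering them in LogonLabs. This is an added example, not part of the original guide or of LogonLabs' tooling. It assumes the global Azure login host `login.microsoftonline.com` and uses a constructed all-zero tenant ID; it inspects only the shape of the URLs, since the Single Tenant restriction itself is set on the app registration.

```python
import re
from urllib.parse import urlsplit

# Assumption: global Azure cloud; national clouds use a different login host.
EXPECTED_HOST = "login.microsoftonline.com"
# Tenant-independent aliases: endpoints under these accept accounts outside your directory.
SHARED_ALIASES = {"common", "organizations", "consumers"}
PATH_RE = re.compile(r"^/([^/]+)/oauth2/v2\.0/(authorize|token)/?$")

def check_endpoint(url, kind):
    """Check one endpoint ('authorize' or 'token'). Returns (problems, tenant or None)."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append(f"{kind}: scheme is not https")
    if (parts.hostname or "").lower() != EXPECTED_HOST:
        problems.append(f"{kind}: unexpected host {parts.hostname!r}")
    if parts.query or parts.fragment:
        problems.append(f"{kind}: paste the bare endpoint, without query or fragment")
    match = PATH_RE.match(parts.path)
    if not match:
        problems.append(f"{kind}: path is not a v2.0 endpoint")
        return problems, None
    tenant, found = match.group(1).lower(), match.group(2)
    if found != kind:
        problems.append(f"{kind}: this is the {found} endpoint")
    if tenant in SHARED_ALIASES:
        problems.append(f"{kind}: shared alias '{tenant}' instead of your tenant ID")
    return problems, tenant

def check_pair(authorize_url, token_url):
    """Check both endpoints and that they name the same tenant."""
    a_problems, a_tenant = check_endpoint(authorize_url, "authorize")
    t_problems, t_tenant = check_endpoint(token_url, "token")
    problems = a_problems + t_problems
    if a_tenant and t_tenant and a_tenant != t_tenant:
        problems.append("authorize and token endpoints name different tenants")
    return problems

# Constructed sample values; replace with the URLs from your Endpoints page.
TENANT = "00000000-0000-0000-0000-000000000000"
GOOD_AUTH = f"https://{EXPECTED_HOST}/{TENANT}/oauth2/v2.0/authorize"
GOOD_TOKEN = f"https://{EXPECTED_HOST}/{TENANT}/oauth2/v2.0/token"

if __name__ == "__main__":
    for problem in check_pair(GOOD_AUTH, GOOD_TOKEN) or ["endpoints look consistent"]:
        print(problem)
```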