OIDC: How to set up Microsoft Entra ID

Requirements for this guide:

To use Flip with your existing Azure instance, Flip must be registered as a new app. After this step, the app can be configured to use Single Sign-On (SSO). We will guide you through the individual steps in our step-by-step guide.

 

Create an App registration

The first step is to register a new app in Azure. Use the search box (1) and select “App registrations” (2) to go to the overview of all currently registered apps.

Then simply click “New registration” (3). You will be forwarded to a form.

 

Fill out the form with the following details:

  • The name of the new application (1). Use a name which enables you to identify Flip at any time. In this example, we’re simply using “Flip App”.
  • The account type (2). In most cases, the first option, “Single tenant”, is enough. Please select the needed option for your case.

Click “Register” to have the new app registered.

 

Create a user to let Flip test SSO with your tenant

Please provide a test user to let Flip test the SSO process and configuration. Do ensure that testing is possible without any multifactor authentication obligations.

Switch to the user administration by searching (1) and clicking on “User” (2). Then click on “+ New user / Create new user” to open a form.

Please note: select the correct user navigation entry (blue icon).

 

Give the user a username that indicates their intended use (1).

Please note the user principal name and the password (2) to let Flip test the SSO configuration with your tenant.

Also ensure that the user is activated (3) and click on “Review + create” (4).

Important: Add the user to the group intended to act as the user base.

 

Add a client secret

Please note: if you’ve created an Enterprise application, you have to switch to “App registrations” first. Then select your application.

Be sure that you are within the configuration section of your new Flip app registration and click on “Certificates & secrets” (1) in the navigation bar on the left.

Then simply click on “New client secret” (2) and a simple form will be displayed on the right side.

Provide your information (3):

  • Description: Use a name that lets you identify what this secret is used for, e.g., “Flip SSO” or something similar. In our example, we simply use “Client for Flip”.
  • Expiration period: Select a period for the secret. You will be notified if a secret expires and you can renew it. Check your company policies, as there may be restrictions on the duration of secrets.

Click “Add” (4) to add the secret to your registered app.
 

Save the following information:

  • Application (client) ID
  • Secret value

 

Configure SSO

Before proceeding, ensure that you’ve selected the corresponding Flip app (1) in Azure.

Click on “Authentication” (2) in the navigation panel and click on “Add a platform” (3) to open up a panel on the right side.

Select “Web” (4) as the type of the app platform.

 

Insert the URI (1) of your Flip tenant's endpoint. Your contact at Flip will provide this information to you. If you already know the domain and the tenant ID of your Flip tenant, you can build the URI yourself: https://DOMAIN/auth/realms/TENANT/broker/oidc-azuread/endpoint

Select the ID token option (2) and save (3) your configuration.

It will now be listed under “Platform configurations”.

 

Click on “Overview” in the navigation panel and switch to “Endpoints” to get important information for the Flip Syncer configuration.

 

Save the following information:

  • OAuth 2.0 token endpoint (v1!) (1)
  • OpenID Connect metadata document (2)

You can close the panel again.

 

Set up the User Principal Name (UPN)

If you’re planning to use information other than the Unique User Identifier / User Principal Name (UPN) as the username in Flip, please get in touch with your contact person at Flip. We have to configure a mapping between the specific user information and the username in Flip. Otherwise, Flip can’t identify the user correctly.

 

Within your App registration (1), select “Token configuration” (2) in the navigation panel.

Check if “upn” is already listed. If not, click “Add optional claim” (3), select “ID” as the type of token and also “upn” (5) in the list below.

Then save this configuration by clicking on “Add” (6).

 

Handover to Flip

After going through each step, this is the list of information that should be noted down:

  • Directory (tenant) ID
  • App Registration Application (client) ID
  • App Registration Secret Value
  • OAuth 2.0 token endpoint
  • OpenID Connect metadata document
  • User principal name of the Flip test user
  • Password of the Flip test user

Please send all information to your contact person at Flip. They will set up Single-Sign-On for you.
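
Before sending the list, a quick consistency check catches the usual copy mistakes: a v2 token endpoint instead of v1, the Secret ID instead of the secret value, or a URL from a different tenant. The following Python is an added example, not part of Flip's guide or tooling; the function names, dictionary keys and sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def redirect_uri(domain, tenant):
    """Redirect URI for the "Web" platform, following the pattern in this guide."""
    return f"https://{domain}/auth/realms/{tenant}/broker/oidc-azuread/endpoint"

def check_handover(v):
    """Return a list of problems in the collected values (empty list = consistent)."""
    problems = []
    tid = v.get("tenant_id", "").lower()
    if not GUID.match(tid):
        problems.append("Directory (tenant) ID is not a GUID")
    if not GUID.match(v.get("client_id", "")):
        problems.append("Application (client) ID is not a GUID")
    # The portal lists a GUID-shaped "Secret ID" beside the secret value;
    # a GUID here usually means the wrong column was copied.
    secret = v.get("secret_value", "")
    if not secret or GUID.match(secret):
        problems.append("Secret value is missing or looks like the Secret ID")
    token = urlsplit(v.get("token_endpoint", ""))
    if token.scheme != "https" or tid not in token.path.lower():
        problems.append("Token endpoint is not an https URL for this tenant")
    elif not token.path.endswith("/oauth2/token"):
        problems.append("Token endpoint is not the v1 endpoint")
    meta = urlsplit(v.get("metadata_document", ""))
    if (meta.scheme != "https" or tid not in meta.path.lower()
            or not meta.path.endswith("/.well-known/openid-configuration")):
        problems.append("Metadata document URL does not match this tenant")
    if "@" not in v.get("test_user_upn", "") or not v.get("test_user_password"):
        problems.append("Test user UPN or password is missing or malformed")
    return problems

# Constructed sample values, not taken from a real tenant.
BASE = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "secret_value": "constructed-placeholder-secret",
    "token_endpoint": BASE + "/oauth2/token",
    "metadata_document": BASE + "/v2.0/.well-known/openid-configuration",
    "test_user_upn": "flip-sso-test@example.com",
    "test_user_password": "constructed-placeholder-password",
}

if __name__ == "__main__":
    print(redirect_uri("flip.example.com", "acme"), check_handover(SAMPLE) or "consistent")
```
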
