Microsoft Entra ID Configuration
This documentation describes how to configure Microsoft Entra ID as the identity provider (IDP) for SafeNet IDPrime Virtual.
Create New App Registration in Microsoft Entra ID
- Log in to the Microsoft Entra ID admin portal, select Azure Active Directory, and go to App registrations.
- Click New registration and provide a name for the app.
- Under Supported account types, select Accounts in this organizational directory only (Single tenant).
- Under Redirect URI, select Web and add a redirect URI for the IDPrime Virtual client in the following format:
  https://<IDPV_server_host>:<port>/redirect
  For example: https://10.164.44.218:3002/redirect
- Click Register.
Modify App Configuration
Click the app registered in the previous section. Its Overview page lists the OIDC endpoints and the application metadata, for example the Application ID, Client credentials, and Redirect URI.
- Click Endpoints, then open the OpenID Connect metadata document endpoint in a browser. For example:
  https://login.microsoftonline.com/<Tenant_guid>/v2.0/.well-known/openid-configuration
  Note the Issuer URL listed in this document.
- Navigate to Client credentials > Client secrets > + New client secret. Add a description and choose how long the secret stays valid. Copy the Secret value to a secure location; it is displayed only once, immediately after creation.
- Navigate to Token configuration > + Add optional claim. Select Access under token type, select preferred_username from the list of claims, and click Add.
- Repeat the previous step to add the preferred_username optional claim to the ID token.
- Navigate to Optional claims > + Add groups claim > Security groups to add the groups claim. Keep the default settings selected under Customize token properties by type.
- In the left pane, select API permissions. Navigate to + Add a permission > Microsoft Graph > Delegated permissions.
- Navigate to OpenID permissions, select offline_access and openid, and click Add permissions.
- Click Grant admin consent, then select Yes in the Grant admin consent confirmation pop-up.
- Navigate to Expose an API > Application ID URI.
- Edit the URI, replacing the Application ID GUID with IDPV, and click Save. The Application ID URI can be in either the api://idpv or the https://test.idprimevirtual.com format.
- Navigate to + Add a scope. Under Scope name, specify idpvscope. Provide an admin consent display name and an admin consent description, then click Save. Ensure State is set to Enabled.
- Go to + Add a client application. Copy the Application ID from the Overview page of this app, enter it under Client ID, select the check box under Authorized scopes, and click Save.
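As an added example (not part of this documentation or of the IDPrime Virtual product), the following Python script shows how the pieces configured above fit together at token time: it reads the Issuer URL from the OpenID Connect metadata document and then checks that an access token carries that issuer, the api://idpv Application ID URI as audience, the idpvscope scope, and the preferred_username and groups optional claims. The tenant GUID, the metadata document and the token are constructed placeholders; signature verification against the tenant's JWKS is assumed to be done by the relying party (the IDPrime Virtual server) and is not performed here.

```python
"""Added example: sanity checks for the Entra ID app registration described above.

Recovers the Issuer URL from the OpenID Connect metadata document and inspects an
access token's claims for the values this configuration should produce.  Only the
claim shape is validated; signature verification is left to the relying party.
All sample data below is constructed for the example.
"""
import base64
import json

# Constructed placeholder tenant; a real value is the Tenant_guid of your directory.
TENANT_GUID = "00000000-0000-0000-0000-000000000000"
APP_ID_URI = "api://idpv"          # Application ID URI set under "Expose an API"
REQUIRED_SCOPE = "idpvscope"       # scope created under "Add a scope"


def expected_issuer(tenant_guid: str) -> str:
    """Issuer the v2.0 metadata document advertises for a single-tenant app."""
    return f"https://login.microsoftonline.com/{tenant_guid}/v2.0"


# Constructed stand-in for the metadata document served at
# https://login.microsoftonline.com/<Tenant_guid>/v2.0/.well-known/openid-configuration
SAMPLE_METADATA = json.dumps({
    "issuer": expected_issuer(TENANT_GUID),
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT_GUID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT_GUID}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT_GUID}/discovery/v2.0/keys",
})


def issuer_from_metadata(metadata_json: str) -> str:
    """Return the Issuer URL from an OpenID Connect metadata document."""
    doc = json.loads(metadata_json)
    issuer = doc.get("issuer")
    if not isinstance(issuer, str) or not issuer.startswith("https://"):
        raise ValueError("metadata document has no https issuer")
    return issuer


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_payload(token: str) -> dict:
    """Decode the claims segment of a compact JWT (no signature check is done here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_access_token_claims(claims: dict, issuer: str,
                              app_id_uri: str = APP_ID_URI,
                              scope: str = REQUIRED_SCOPE) -> list:
    """Return a list of problems; an empty list means the token matches the setup."""
    problems = []
    if claims.get("iss") != issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {issuer!r}")
    if claims.get("aud") != app_id_uri:
        problems.append(f"aud is {claims.get('aud')!r}, expected {app_id_uri!r}")
    # scp is a space-separated list of the delegated scopes granted to the client.
    if scope not in str(claims.get("scp", "")).split():
        problems.append(f"scope {scope!r} missing from scp")
    for claim in ("preferred_username", "groups"):
        if claim not in claims:
            problems.append(f"optional claim {claim!r} not present; add it under Token configuration")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a constructed JWT for exercising the checks; the signature segment is a placeholder."""
    header = {"typ": "JWT", "alg": "RS256"}
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}.signature-placeholder"


# Constructed claims matching the registration steps in this document.
GOOD_CLAIMS = {
    "iss": expected_issuer(TENANT_GUID),
    "aud": APP_ID_URI,
    "scp": "idpvscope",
    "preferred_username": "user@example.com",
    "groups": ["11111111-1111-1111-1111-111111111111"],
}


def demo() -> list:
    """Run the full check on the constructed metadata and token; [] means all good."""
    issuer = issuer_from_metadata(SAMPLE_METADATA)
    claims = decode_jwt_payload(make_sample_token(GOOD_CLAIMS))
    return check_access_token_claims(claims, issuer)


if __name__ == "__main__":
    print("problems:", demo())
```

Run it against a real token by replacing SAMPLE_METADATA with the document fetched from the endpoint noted above and the constructed token with one issued for this app; every non-empty entry returned by check_access_token_claims points at the registration step that is missing or misconfigured.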