# Microsoft Entra ## In short 1. Make an App registration in azure 2. Create a secret for the app registration 3. Copy both client ID and secret 4. Create an oAuth configuration in the WriteBackExtreme management console 5. Copy the two return URL's 6. Add the return URL's to the app registration in Azure. ## Step-by-step 1. Login to the[ azure portal](https://portal.azure.com) 2. In the search bar at the top, search for \`Microsoft Entra ID\` 3. Click the `+ Add` button at the top and select `App registration`

4. Give the application a name (Preferably with the name \`WriteBackExtreme\` in it). 5. Select the account types you want to support (Single Tenant or Selected Tenants) 6. Note: Do not set the Redirect URI, we will do that later on. 7. Press the blue register button at the bottom. You will be redirected to the overview page 8. On the overview page, copy the client ID. You need to provide this later on in the WriteBackExtreme Management console.

9. In the left menu, go to \`Certificates & secrets\` 10. Click the \`New client secret\` button

11. Give it a description and an expire date. Note that WriteBackExtreme will not notify you when the secret expires.

{% hint style="info" %} Secret expiration is your responsibility to manage. WriteBackExtreme will **not notify** when this expires. {% endhint %} 12. Copy the secret. You need to provide this in the WriteBackExtreme Management console.

13. Open up the WriteBackExtreme Management console, click security and click oauth. 14. Click + OAuth Configuration and fill in all fields.

When you entered the client ID At the bottom of the page you will find two return URLs. These URL's need to be added to the App registration in Azure. Copy the first one. 15. Click on `Authentication` the left menu of the app registration page in azure 16. Click the ![](/files/4apMxTFmacpZDOl4mXfb) button 17. In the pane on the right, choose `Web` 18. Paste the first URL that you copied from the WriteBackExtreme Management console

Once the first return URL has been setup, it is easy to add the second return URL by clicking the `Add URI` button.

Do not forget to hit the blue save button at the bottom. 19. Go back to the management console and click the `Test OAuth` button. ### Common error messages #### AADSTS50020: User account xxx from identity provider x does not exist in tenant... When this message appears when the account type is set to single tenant and you are trying to login with an account that is not registered in that tenant. You probably need to login with an other account of set the account type to Multi tenant. ### --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.infotopics.com/writebackextreme/features/management-console/setup-security/oauth-setup/microsoft-entra.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.