Microsoft Entra

In short

1. Make an App registration in azure

2. Create a secret for the app registration

3. Copy both client ID and secret

4. Create an oAuth configuration in the WriteBackExtreme management console

5. Copy the two return URL's

6. Add the return URL's to the app registration in Azure.

Step-by-step

1. Login to the azure portal

2. In the search bar at the top, search for `Microsoft Entra ID`

3. Click the + Add button at the top and select App registration

1. Give the application a name (Preferably with the name `WriteBackExtreme` in it).

2. Select the account types you want to support

3. Note: Do not set the Redirect URI, we will do that later on.
4. Press the blue register button at the bottom. You will be redirected to the overview page

5. On the overview page, copy the client ID. You need to provide this later on in the WriteBackExtreme Management console.

1. In the left menu, go to `Certificates & secrets`

2. Click the `New client secret` button

1. Give it a description and an expire date. Note that WriteBackExtreme will not notify you when the secret expires.

1. Copy the secret. You need to provide this in the WriteBackExtreme Management console.

2. Open up the WriteBackExtreme Management console, click security and click oauth.

3. Click + OAuth Configuration and fill in all fields.

When you entered the client ID At the bottom of the page you will find two return URLs. These URL's need to be added to the App registration in Azure. Copy the first one.

1. Click on Authentication the left menu of the app registration page in azure

3. In the pane on the right, choose Web

4. Paste the first URL that you copied from the WriteBackExtreme Management console

Once the first return URL has been setup, it is easy to add the second return URL by clicking the Add URI button.

Do not forget to hit the blue save button at the bottom.

1. Go back to the management console and click the Test OAuth button.

Common error messages

AADSTS50020: User account xxx from identity provider x does not exist in tenant...

When this message appears when the account type is set to single tenant and you are trying to login with an account that is not registered in that tenant. You probably need to login with an other account of set the account type to Multi tenant.