Microsoft Entra
This page lists all the steps needed to create an OAuth app registration in Microsoft Entra.
In short
Create an app registration in Azure
Create a secret for the app registration
Copy both client ID and secret
Create an OAuth configuration in the WriteBackExtreme Management console
Copy the two return URLs
Add the return URLs to the app registration in Azure
Step-by-step
Log in to the Azure portal
In the search bar at the top, search for `Microsoft Entra ID`
Click the `+ Add` button at the top and select `App registration`
Give the application a name (preferably with the name `WriteBackExtreme` in it).
Select the account types you want to support
Note: Do not set the Redirect URI yet; we will do that later on.
Press the blue register button at the bottom. You will be redirected to the overview page.
On the overview page, copy the client ID. You need to provide this later on in the WriteBackExtreme Management console.
In the left menu, go to `Certificates & secrets`
Click the `New client secret` button
Give it a description and an expiry date.
Secret expiration is your responsibility to manage. WriteBackExtreme will not notify you when the secret expires.
Copy the secret. You need to provide this in the WriteBackExtreme Management console.
Open the WriteBackExtreme Management console, click Security and then click OAuth.
Click + OAuth Configuration and fill in all fields.
Once you have entered the client ID, you will find two return URLs at the bottom of the page. These URLs need to be added to the app registration in Azure. Copy the first one.
Click on `Authentication` in the left menu of the app registration page in Azure
In the pane on the right, choose `Web`
Paste the first URL that you copied from the WriteBackExtreme Management console
Once the first return URL has been set up, add the second return URL by clicking the `Add URI` button.
Do not forget to hit the blue save button at the bottom.
Go back to the Management console and click the `Test OAuth` button.
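Because WriteBackExtreme does not warn about an expiring client secret, the expiry check can be scripted. The following is an added example, not part of the WriteBackExtreme documentation: it assumes the Azure CLI is installed and reads the JSON printed by `az ad app credential list --id <client-id>`. The sample data, the 30-day warning threshold, the file name `check_secrets.py` and the function names are constructed for illustration.

```python
import json
import re
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape printed by
#   az ad app credential list --id <client-id>
# Names, key IDs and dates are placeholders, not real values.
SAMPLE_CREDENTIALS = """[
 {"displayName": "WriteBackExtreme OAuth", "keyId": "00000000-0000-0000-0000-000000000001",
  "endDateTime": "2024-07-08T09:00:00Z"},
 {"displayName": "WriteBackExtreme OAuth (rotated)", "keyId": "00000000-0000-0000-0000-000000000002",
  "endDateTime": "2025-06-20T09:00:00.1234567Z"},
 {"displayName": null, "keyId": "00000000-0000-0000-0000-000000000003",
  "endDateTime": "2023-07-01T00:00:00Z"}
]"""

def parse_graph_time(value):
    """Parse a UTC timestamp; trim fractions beyond microseconds for fromisoformat()."""
    value = value.replace("Z", "+00:00")
    value = re.sub(r"\.(\d+)", lambda m: "." + m.group(1)[:6].ljust(6, "0"), value)
    return datetime.fromisoformat(value)

def classify(credentials, now, warn_days=30):
    """Return (status, description, keyId, days_left) per secret, soonest expiry first."""
    report = []
    for cred in credentials:
        end = parse_graph_time(cred["endDateTime"])
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "EXPIRING"
        else:
            status = "OK"
        name = cred.get("displayName") or "(no description)"
        report.append((status, name, cred["keyId"], (end - now).days))
    return sorted(report, key=lambda row: row[3])

if __name__ == "__main__":
    # Usage: az ad app credential list --id <client-id> > creds.json
    #        python check_secrets.py creds.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            creds, now = json.load(fh), datetime.now(timezone.utc)
    else:  # no file given: run on the constructed sample with a fixed date
        creds, now = json.loads(SAMPLE_CREDENTIALS), datetime(2024, 6, 25, tzinfo=timezone.utc)
    report = classify(creds, now)
    for status, name, key_id, days in report:
        print(f"{status:9} {days:5d}d  {name}  ({key_id})")
    sys.exit(1 if any(row[0] != "OK" for row in report) else 0)
```

The script exits with status 1 when any secret is expired or inside the warning window, so a scheduled job can alert on it.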
Common error messages
AADSTS50020: User account xxx from identity provider x does not exist in tenant...
This message appears when the account type is set to single tenant and you are trying to log in with an account that is not registered in that tenant. You probably need to log in with another account or set the account type to multi-tenant.