The following procedure creates an OIDC SSO configuration for your Enterprise organization. To complete it, you need:
- Owner or admin role in an Enterprise organization
- Administrative access to your organization's Microsoft Azure AD portal
This configuration supports the following:
- Service provider initiated SSO
- Single Log Out [optional]
Before configuring SSO, you need to assign a namespace and make files of your service provider certificate and private key. These steps provide the information you need to enter later.

Create your namespace:
1. Go to Organization > SSO.
2. Under Namespace, enter the namespace you want for your organization, for example, acmecorp. Your organization members enter this namespace when they log in via SSO.
3. Under SSO type, select Oauth2.
Register your app in Azure AD:
1. Log in to Microsoft Azure AD and go to Manage Microsoft Entra ID.
2. Click Enterprise applications.
3. Click + New Application.
4. Click + Create your own application.
5. Enter a name for your app and select Register an application to integrate with Microsoft Entra ID (App you're developing).
6. Click Create.
7. Enter and select the following on the Register an application page:
   - Name: Enter a name for your OIDC SSO app.
   - Supported account types: Select the option best for your use case. For example, use Accounts in this organizational directory only if your application is only for internal use within your organization.
   - Redirect URI (optional): Although Microsoft marks this field as optional, successful implementation with Boost.space Integrator requires the following: select the platform Web and enter https://next.integromat.com/sso/login.
8. Click Register.
Create your client credentials:
1. In the Microsoft Azure AD portal go to Home > Enterprise applications > {your OIDC app} > Single Sign-on and click Go to application.
2. Under Essentials, find Application (client) ID. Copy this value and save it in a secure place. This is the required information for the Client ID field in your Boost.space Integrator SSO configuration.
3. In the left-hand menu under Manage, click Certificates & secrets.
4. Click + New client secret.
5. In the new dialogue, enter a short description and click Add.
6. Find the new client secret in the list. Copy the Value and save it in a secure place. This is the required information for the Client secret field in your Boost.space Integrator SSO configuration.
7. In the left-hand menu under Manage, click Token Configuration.
8. Click + optional claim.
9. In the new dialogue, select ID.
10. A list appears. Select Email.
11. In the left-hand menu under Manage, click API Permissions.
12. Click + Add permission.
13. In the new dialogue, click Microsoft Graph.
14. Click Application permissions.
15. Use the search bar to find User.Read.All.
16. Select User.Read.All and click Add permissions. Tip: You can select User.Read instead of User.Read.All.

To provide access to your organization members, you need to add these users to your app in the MS Azure portal.
1. Enter the following information on the SSO tab of your organization's dashboard:
   - User information URL: https://graph.microsoft.com/v1.0/me
   - Client ID: Enter the Application (client) ID you copied in step 2 of Create your client credentials.
   - Token URL: https://login.microsoftonline.com/1234etc/oauth2/v2.0/token (replace 1234etc with your Azure AD tenant ID)
   - Login scopes: User.Read.All
   - Scopes separator: Enter a single space.
   - Authorize URL: To find your Authorize URL:
   - Client secret: Enter the Value you copied in step 6 of Create your client credentials.
   - User information IML resolve: {"id":"{{id}}","email":"{{mail}}","name":"{{givenName}}"}
   - Redirect URL: No action required
   - Team provisioning for new users: Select an option based on your needs.
2. Click Save.
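The two settings above that most often go wrong in practice are the Scopes separator and the User information IML resolve template. The following Python script, added here as an illustration and not part of Boost.space Integrator's own code, shows what each setting does: it builds the authorize redirect with space-separated scopes, then renders the IML template against a constructed sample of a Microsoft Graph /v1.0/me response. It fails closed when a placeholder such as {{mail}} has no value (Graph returns null mail for some accounts), so that no user record with an empty identity or email is created. Function names, the sample profile, and the TENANT_ID_PLACEHOLDER and client ID values are assumptions for the example.

```python
from __future__ import annotations

import json
import re
from urllib.parse import urlencode

# Constructed sample (hypothetical values) of what GET https://graph.microsoft.com/v1.0/me
# returns, trimmed to the fields the template uses.
SAMPLE_PROFILE = {
    "id": "11111111-2222-3333-4444-555555555555",
    "mail": "alice@acmecorp.example",
    "givenName": "Alice",
    "userPrincipalName": "alice@acmecorp.example",
}

# The User information IML resolve template exactly as entered on the SSO tab.
IML_TEMPLATE = '{"id":"{{id}}","email":"{{mail}}","name":"{{givenName}}"}'

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")


def resolve_user_info(template: str, profile: dict) -> dict:
    """Render an IML-style template against a Graph profile and return the mapped user.

    Fails closed: a placeholder whose profile field is absent, null or empty raises
    instead of producing a user record with a blank id or email.
    """

    def substitute(match: re.Match) -> str:
        field = match.group(1)
        value = profile.get(field)
        if value is None or value == "":
            raise ValueError(f"Graph profile field {field!r} is missing; refusing to map user")
        # JSON-escape the value (quotes, backslashes) and strip the surrounding quotes
        # so it fits inside the quotes already present in the template.
        return json.dumps(str(value))[1:-1]

    rendered = PLACEHOLDER.sub(substitute, template)
    user = json.loads(rendered)  # raises if the template itself is not valid JSON
    for required in ("id", "email"):
        if not user.get(required):
            raise ValueError(f"mapped user lacks required field {required!r}")
    return user


def build_authorize_url(authorize_url: str, client_id: str, redirect_uri: str,
                        scopes: list, separator: str = " ", state: str = "") -> str:
    """Build the login redirect the service provider sends the browser to.

    `separator` is the "Scopes separator" setting; Azure AD expects a single space,
    which urlencode turns into '+' in the query string.
    """
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": separator.join(scopes),
    }
    if state:
        params["state"] = state  # bind the callback to this browser session
    return f"{authorize_url}?{urlencode(params)}"


if __name__ == "__main__":
    # TENANT_ID_PLACEHOLDER stands for your Azure AD tenant ID; the client ID is hypothetical.
    url = build_authorize_url(
        "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/oauth2/v2.0/authorize",
        "client-id-placeholder",
        "https://next.integromat.com/sso/login",
        ["User.Read.All", "openid"],
    )
    print(url)
    print(resolve_user_info(IML_TEMPLATE, SAMPLE_PROFILE))
    try:
        resolve_user_info(IML_TEMPLATE, dict(SAMPLE_PROFILE, mail=None))
    except ValueError as err:
        print("rejected:", err)
```

If your tenant has accounts with no mail attribute, map email from userPrincipalName in the template instead, or the login will be rejected for those users; the script above makes that failure visible before it reaches production.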