SSO with Microsoft Entra (Azure AD)

This guide walks you through setting up SSO with Microsoft Entra ID (formerly Azure Active Directory). You will register an application and use the Redirect URI: https://app.subnoto.com/auth/oidc.

Go to the Azure Portal.
Sign in with your administrator account.

Step 2: Navigate to Microsoft Entra ID

In the search bar, type Microsoft Entra ID (or Azure Active Directory).
Click on the Microsoft Entra ID service.

Step 3: Register a new application

In the left sidebar, click App registrations.
Click New registration.
Enter an application name.
Under Supported account types, select the appropriate option:
- For internal use: Accounts in this organizational directory only.
- For broader use: Accounts in any organizational directory.
Under Redirect URI:
- Select Web as the platform.
- Enter https://app.subnoto.com/auth/oidc.
Click Register.

Step 4: Configure authentication

In your newly created app, click Authentication in the left sidebar.
Ensure the redirect URI is properly configured.
Under Implicit grant and hybrid flows, check ID tokens.
Click Save.

Step 5: Create a client secret

Click Certificates & secrets in the left sidebar.
Under Client secrets, click New client secret.
Add a description and select an expiration period.
Click Add.
Immediately copy the secret value (you won’t be able to see it again).

Step 6: Get your credentials

Client ID: Found as Application (client) ID on the application overview page.
Client Secret: The value you copied in Step 5.
Issuer URL: https://login.microsoftonline.com/{your-tenant-id}/v2.0
Your tenant ID is found as Directory (tenant) ID on the application overview page.

Enter these values in Subnoto SSO settings to complete the setup.

Back to SSO overview