Entra SSO Setup


From the point of view of the WISdom integrations page, adding Microsoft Single Sign-On (SSO) works the same way as any other integration, but obtaining the required values from Entra is more involved than for most of the others. This article walks through the Entra side of that configuration.

Overview

In order to use your own identity provider with WISdom you need to configure integration both in WISdom and in your identity provider. This document will guide you to do the following:

  1. Create an OIDC-compliant “Application” (app registration) in your Microsoft Entra tenant that is dedicated to WISdom SSO.
  2. Create client credentials (a client secret) for that Application.
  3. Configure that Application to trust WISdom's redirect and logout URLs.
  4. Retrieve the configuration values from the new Application that the WISdom SSO configuration needs.

Note that WISdom SSO currently authenticates to Entra as a confidential client using a client secret (the “Client Credentials” created below). PKCE is not supported as an alternative, so a client secret is required.

Create a new Entra Application to use your Entra Identities for SSO

  1. Log into Azure and go to Entra.
  2. On left navigation menu choose Manage --> App Registrations.
  3. Choose “New Registration.”
  4. Enter the name you want to use.
    Register Entra Application

Create Application Client Credentials to allow WISdom integration with your Application

  1. On the new application's Overview page, choose “Add a certificate or secret.”
    Create Application Client Credentials

  2. Choose "+New client secret."
    New Client Secret

  3. Enter a description for the secret and choose its expiration.
    1. You can choose an Expires value that conforms to your organization's standards (shorter lifetimes limit the damage if the secret leaks), but record the expiration date. The secret must be replaced in Entra and updated in WISdom before it expires, or users will lose access when it does.

Add Client Secret

  1. Save the secret's “Value” before leaving the page. This is your Client Credential Secret; Entra shows it only once, at creation time, and it cannot be retrieved later. Record the “Secret ID” as well so you can identify this secret when it is time to rotate it. The Client ID that WISdom uses in the OIDC flow is the “Application (client) ID” shown on the application's Overview page; the Secret ID only identifies the secret record in Entra and is not an OAuth client identifier.
    1. The Application (client) ID and the secret Value are the credentials you will provide in your SSO configuration.

Saved Client Secret

Update a Whitelist of Allowed WISdom Redirect URLs in your Application

  1. Return to the new application's Overview page and choose “Add a Redirect URI” (this opens Manage --> Authentication).
  2. Choose “Add a Platform.”
    Add A Platform
  3. Choose "Web" platform.
  4. Under “Web / Redirect URIs“ add the following URIs:
    1. https://app.fortifiedwisdom.com/bff/v1/oauth/oidc-callback
    2. https://app.fortifiedwisdom.com/login
  5. Under “Front-channel logout URL” enter:
    1. https://app.fortifiedwisdom.com/logout
  6. Under “Implicit grant and hybrid flows,” check “ID tokens (used for implicit and hybrid flows).” Leave “Access tokens” unchecked; WISdom does not need it, and enabling it widens what the application can issue through the front channel.
    Configure Web
  7. Click Save.

Retrieve the New Application Values to configure SSO in WISdom

  1. Back on the application's Overview page, choose “Endpoints” to find the URLs that are part of the SSO configuration.
    Endpoints
  2. Copy the “OpenID Connect metadata document” URL and open it in a new browser tab. It returns a JSON document specific to your tenant; if the issuer in it contains a placeholder such as {tenantid} rather than your tenant ID, you have opened the multi-tenant (“common”) document instead of the tenant-specific one.
  3. Copy values for
    1. “jwks_uri" to get the Public Key URL.
    2. “token_endpoint" to get the Token URL.
    3. “authorization_endpoint" to get the Authentication URL.
    4. “issuer" to get the Token Issuer.
  4. Enter these values in your WISdom SSO configuration along with your Application (client) ID and client secret.
    1. The Audience field is optional. If you set it, it must match the aud claim of the ID tokens Entra issues, which for this application is its Application (client) ID.
      Connect SSO
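The following script is an added example, not part of the WISdom documentation or product. It shows the check a practitioner would run on the metadata document before entering the four values and the Audience field: it maps the metadata claims to the WISdom field names, rejects non-HTTPS endpoints and the templated multi-tenant document, and shows which ID token claim the Audience field corresponds to. The tenant ID, client ID, metadata document and ID token below are constructed placeholders; replace them with the values from your own tenant.

```python
"""Check an Entra OpenID Connect metadata document before configuring WISdom SSO.

Added example, not WISdom's code. TENANT_ID, CLIENT_ID, SAMPLE_METADATA and the
sample ID token are constructed placeholders for offline use.
"""
import base64
import json
from urllib.parse import urlparse

TENANT_ID = "11111111-2222-3333-4444-555555555555"  # assumed tenant ID
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # assumed Application (client) ID

# Constructed sample of the tenant-specific "OpenID Connect metadata document";
# only the fields this check uses are included.
SAMPLE_METADATA = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys",
})

# Metadata claim -> name of the WISdom SSO field it populates.
REQUIRED = {
    "jwks_uri": "Public Key URL",
    "token_endpoint": "Token URL",
    "authorization_endpoint": "Authentication URL",
    "issuer": "Token Issuer",
}


def validate_metadata(metadata_json: str, tenant_id: str) -> list:
    """Return a list of problems with the metadata document (empty when it is usable)."""
    doc = json.loads(metadata_json)
    problems = []
    for claim in REQUIRED:
        value = doc.get(claim)
        if not value:
            problems.append(f"missing {claim}")
            continue
        if urlparse(value).scheme != "https":
            problems.append(f"{claim} is not https: {value}")
        # The "common"/"organizations" document carries a templated issuer
        # ({tenantid}); WISdom needs the document for this specific tenant.
        if "{tenantid}" in value or tenant_id not in value:
            problems.append(f"{claim} is not specific to tenant {tenant_id}: {value}")
    return problems


def extract_sso_values(metadata_json: str, tenant_id: str) -> dict:
    """Map the four metadata claims to the WISdom field names, refusing bad metadata."""
    problems = validate_metadata(metadata_json, tenant_id)
    if problems:
        raise ValueError("; ".join(problems))
    doc = json.loads(metadata_json)
    return {field: doc[claim] for claim, field in REQUIRED.items()}


def id_token_audience(id_token: str) -> str:
    """Return the aud claim of an ID token for inspection only.

    This does not verify the signature; WISdom validates real tokens against
    jwks_uri. It is here to show which claim the Audience field must match.
    """
    payload_b64 = id_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))["aud"]


def build_sample_id_token(tenant_id: str, client_id: str) -> str:
    """Constructed, unsigned sample token with the claims Entra puts in a real one.
    A real token from Entra is signed; this one exists only so the demo runs offline."""
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    header = {"typ": "JWT", "alg": "none"}  # placeholder header for the demo only
    payload = {"iss": f"https://login.microsoftonline.com/{tenant_id}/v2.0",
               "aud": client_id, "sub": "constructed-user"}
    return f"{enc(header)}.{enc(payload)}."


if __name__ == "__main__":
    for field, value in extract_sso_values(SAMPLE_METADATA, TENANT_ID).items():
        print(f"{field}: {value}")
    token = build_sample_id_token(TENANT_ID, CLIENT_ID)
    print("Audience (aud claim):", id_token_audience(token))
```

To use it against your own tenant, paste the JSON returned by the metadata document URL into SAMPLE_METADATA and set TENANT_ID to your tenant ID; a non-empty result from validate_metadata means the values should not be entered in WISdom as they are.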