Entra SSO Setup


Overview

Setting up Microsoft Single Sign-On (SSO) in WISdom follows the same process as any other SSO integration from the WISdom side, but retrieving the required values from Microsoft Entra requires more steps than most identity providers. This page walks you through the Entra side of the configuration process.

To use Microsoft Entra as your identity provider with WISdom, you need to configure the integration in both WISdom and Entra. This involves:

  1. Creating an OIDC-compliant application in your Microsoft Entra account specifically for WISdom SSO.
  2. Creating WISdom SSO credentials for that application.
  3. Configuring that application to trust WISdom.
  4. Retrieving configuration values from the application to enter into WISdom.
Note

WISdom SSO supports two authentication flows: Authorization Code and Authorization Code with PKCE (Proof Key for Code Exchange). The flow is selected during SSO configuration in WISdom. This guide covers the Entra configuration for the PKCE flow. Client Credentials flow is not supported.


Create a New Entra Application

  1. Log in to Azure and go to Entra.
  2. In the left navigation menu, choose Manage › App Registrations.
  3. Choose New Registration.
  4. Enter the name you want to use for this application.
    Register Entra Application

Create Application Client Credentials

  1. On the main application page, choose Add a certificate or secret.
    Create Application Client Credentials
  2. Choose + New client secret.
    New Client Secret
  3. Enter a name for the secret and set an expiration.
    Add Client Secret
Expiration Value

Choose an Expires value that conforms to your organization's standards, and make a note of when it will expire. The secret must be refreshed in WISdom before it expires to avoid disruptions to user access.

  4. Before navigating away, save the secret Value — this is your Client Credential Secret and is only visible at the time of creation. Also save the Secret ID — this is your Client Credential ID. You will enter both values when configuring SSO in WISdom.
    Saved Client Secret

Add WISdom Redirect URLs to Your Application

  1. Return to the application page and choose Add an Application ID URI.
  2. Choose Add a Platform.
  3. Select Web as the platform.
    Add A Platform
  4. Under Web › Redirect URIs, add the following URIs:
    • https://app.fortifiedwisdom.com/bff/v1/oauth/oidc-callback
    • https://app.fortifiedwisdom.com/login
  5. Under Front-channel logout URL, enter:
    • https://app.fortifiedwisdom.com/logout
  6. Click Save.

Retrieve Application Values to Configure SSO in WISdom

  1. On the application page, choose Endpoints.
    Endpoints
  2. Copy the OpenID Connect metadata document URL and open it in a new browser tab.
  3. From the metadata document, copy the following values:
    Field in WISdom       Metadata document key
    Public Key URL        jwks_uri
    Token URL             token_endpoint
    Authentication URL    authorization_endpoint
    Token Issuer          issuer
  4. Enter these values — along with your Client Credential ID and Secret — into your WISdom SSO configuration.
    Connect SSO
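
The script below is an added example, not part of the WISdom or Microsoft documentation. It maps the four metadata document keys listed above to their WISdom fields and rejects values that are missing, not https, or still contain a template placeholder such as {tenantid}. The sample metadata document and tenant ID are constructed.

```python
import json
from urllib.parse import urlparse

# WISdom field -> metadata document key, as listed in the table above.
FIELD_MAP = {
    "Public Key URL": "jwks_uri",
    "Token URL": "token_endpoint",
    "Authentication URL": "authorization_endpoint",
    "Token Issuer": "issuer",
}

# Constructed sample: the tenant ID is a placeholder, not a real tenant.
BASE = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = json.dumps({
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
})


def wisdom_values(metadata_json):
    """Return {WISdom field: value}; raise ValueError if any value is unfit to paste."""
    doc = json.loads(metadata_json)  # malformed JSON also raises ValueError
    if not isinstance(doc, dict):
        raise ValueError("metadata document is not a JSON object")
    values, problems = {}, []
    for field, key in FIELD_MAP.items():
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing from metadata document")
            continue
        url = urlparse(value)
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key}: not an absolute https URL")
        if "{" in value or "}" in value:
            problems.append(f"{key}: contains an unfilled template placeholder")
        values[field] = value
    if problems:
        raise ValueError("; ".join(problems))
    return values


if __name__ == "__main__":
    for field, value in wisdom_values(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

To check your own tenant, save the metadata document opened in step 2 to a file and pass its contents to wisdom_values.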
Audience Field

The Audience field in WISdom is optional. If used, the value comes from the aud field of the JWT.