Entra SSO Setup

Setting up Microsoft Entra as your identity provider for WISdom SSO requires configuration in both Entra and WISdom. The Entra side involves creating an OIDC-compliant application, adding WISdom's redirect URIs, and collecting endpoint values. The WISdom side involves entering those values into the Connect SSO wizard.

WISdom supports two authentication flows: Authorization Code and Authorization Code with PKCE (Proof Key for Code Exchange). The flow you choose determines which fields are required in WISdom. Most of the Entra configuration is identical for both flows, and the only difference is whether you use a client secret.

For detailed steps within Entra, refer to Microsoft's app registration documentation.

Setup Sequence

  1. Create a new Entra application for WISdom
  2. Create application credentials
  3. Add WISdom redirect URIs
  4. Retrieve endpoint values from the metadata document
  5. Configure SSO in WISdom

Step 1 — Create a New Entra Application

  1. Log in to Azure and go to Entra.
  2. In the left navigation menu, select Manage › App Registrations.
  3. Select New Registration.
  4. Enter a name for the application. We recommend WISdom or Fortified WISdom.
  5. Save the registration.

Step 2 — Create Application Credentials

Both flows require a Client Credential ID (the Secret ID). Authorization Code also requires the Client Secret Value. PKCE does not use a client secret, and the Secret Value field is hidden in WISdom when PKCE is selected.

  1. On the application overview page, select Add a certificate or secret.
  2. Select + New client secret.
  3. Enter a name for the secret and set an expiration date.

For Authorization Code:
Before navigating away, copy both the Value (Client Secret Value) and the Secret ID (Client Credential ID). The Value is only visible at the time of creation.

For PKCE:
Copy only the Secret ID (Client Credential ID). The Secret Value is not used by WISdom and does not need to be saved for SSO purposes. A secret is created here because Entra requires this step to generate the credential container, but the secret string itself is not entered into WISdom.

Important — Authorization Code only:

The client secret has an expiration date. Note when it will expire and refresh it in WISdom before that date to avoid interruptions to user access.

Step 3 — Add WISdom Redirect URIs

  1. Return to the application overview page and select Add an Application ID URI.
  2. Select Add a Platform.
  3. Select Web as the platform.
  4. Under Web › Redirect URIs, add both of the following:
    • https://app.fortifiedwisdom.com/bff/v1/oauth/oidc-callback
    • https://app.fortifiedwisdom.com/login
  5. Under Front-channel logout URL, enter:
    • https://app.fortifiedwisdom.com/logout
  6. Select Save.

Step 4 — Retrieve Endpoint Values

  1. On the application overview page, select Endpoints.
  2. Copy the OpenID Connect metadata document URL and open it in a new browser tab.
  3. From the metadata document, locate and copy the following values:

| Field in WISdom | Metadata document key |
| --- | --- |
| Authentication URL | authorization_endpoint |
| Token URL | token_endpoint |
| Public Key URL | jwks_uri |
| Token Issuer | issuer |

  4. Return to the application overview page and copy the Application (client) ID. This is your Client Credential ID in WISdom.

Step 5 — Configure SSO in WISdom

  1. Go to Admin Console › Integration › Integrations.
  2. Under Available Apps, select SSO.
  3. In the Connect SSO dialog, select either the Authorization Code or PKCE tab depending on the flow you are using.
  4. Complete the fields on the first page:

| Field | Required | Value |
| --- | --- | --- |
| Name | Yes | A display name for this SSO configuration |
| Issuer | Yes | issuer value from the metadata document |
| Audience | No | The aud value from your JWT, if required by your organization |
| Authentication Client ID | Yes | Application (client) ID from the Entra overview page |
| Authentication Client Secret | Authorization Code only | Secret Value from Entra Certificates & Secrets |

PKCE:

The Authentication Client Secret field is not shown when PKCE is selected. Only the Client ID is required.

  5. Select Continue.
  6. Complete the fields on the second page:

| Field | Required | Value |
| --- | --- | --- |
| Authentication Endpoint | Yes | authorization_endpoint from the metadata document |
| Token Endpoint | Yes | token_endpoint from the metadata document |
| Public Key Endpoint | Yes | jwks_uri from the metadata document |
| Logout Endpoint | No | Your organization's logout URL, if applicable |

  7. Select Test connection to validate the configuration.
  8. If the test succeeds, select Save.

Important:

Saving the configuration immediately switches all users to the configured SSO at their next login. If any accounts should not use SSO, create a ticket with the WISdom support team so those accounts can be reverted to Auth0 authentication. Send the support request with the account names to: WISdomSupport@Fortified.com.
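
A sanity check for the values copied in Step 4 and entered as Issuer and Audience in Step 5, added here as an example; it is not WISdom's or Microsoft's code. The function names, the sample metadata document and its all-zero tenant ID are assumptions constructed for illustration.

```python
import base64
import json
from urllib.parse import urlsplit

# Metadata document key -> WISdom field, as listed in Step 4.
WISDOM_FIELDS = {
    "authorization_endpoint": "Authentication URL",
    "token_endpoint": "Token URL",
    "jwks_uri": "Public Key URL",
    "issuer": "Token Issuer",
}

def extract_wisdom_values(metadata_json):
    """Return ({WISdom field: value}, [problems]) for a metadata document."""
    doc = json.loads(metadata_json)
    values, problems = {}, []
    for key, field in WISDOM_FIELDS.items():
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing")
            continue
        values[field] = value
        if urlsplit(value).scheme != "https":
            problems.append(f"{key}: not an https URL")
        # Multi-tenant documents carry a literal {tenantid} template in the issuer.
        if "{" in value:
            problems.append(f"{key}: unresolved template placeholder")
    return values, problems

def unverified_claims(jwt):
    """Decode a JWT payload for inspection only; the signature is NOT checked."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def claims_match(jwt, issuer, audience=None):
    """Compare a token's iss (and aud, if given) with the values entered in WISdom."""
    claims = unverified_claims(jwt)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return claims.get("iss") == issuer and (audience is None or audience in auds)

# Constructed sample document; the all-zero tenant ID is a placeholder.
BASE = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = json.dumps({
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
})
```

Pass the saved metadata document to `extract_wisdom_values` and resolve every reported problem before entering the values in the Connect SSO wizard. `claims_match` only inspects a token you already hold and does not validate its signature.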
