Setting up the Entra ID application
You can manage user authentication to the platform directly from your Entra ID directory (formerly Azure AD).
1. From the Azure Portal home page, go to "Other Services" and select "Application registration".
2. Register a new application using the configuration below:
   - Application name: isogeo-sso-app
   - Web-type redirect URI: https://sso.isogeo.com/ID_GROUP/authorization-code/callback

   Info
   The workgroup ID (ID_GROUP) can be retrieved from the app URL after authentication: https://app.isogeo.com/groups/ID_GROUP/
3. Create a new client secret in the Certificates & secrets menu.

   Warning
   The secret value can only be retrieved immediately after it has been created, so copy it and save it somewhere safe straight away. If it is lost, the only solution is to create a new client secret.
4. Add the required permissions to the application registration. These are the delegated permissions email, offline_access, openid, profile and User.Read on the Microsoft Graph API.
5. Retrieve and provide Isogeo with the following information:
   - Application ID (e.g. 27f11b5e-a950-42c8-9a9f-56e6e4f68c11)
   - Directory ID (e.g. 881afea1-e705-4bfd-8791-f7e1dc383b3d)
   - Secret value (retrieved in step 3)
   - Authority URL (e.g. https://login.microsoftonline.com/881afea1-e705-4bfd-8791-f7e1dc383b3d)
   - OAuth 2.0 (v1) authorization endpoint URL (e.g. https://login.microsoftonline.com/881afea1-e705-4bfd-8791-f7e1dc383b3d/oauth2/authorize)
   - OAuth 2.0 (v1) token endpoint URL (e.g. https://login.microsoftonline.com/881afea1-e705-4bfd-8791-f7e1dc383b3d/oauth2/token)
   - Domain name (e.g. isogeo.fr)
   - If possible, provide a user to test the connection.
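The values listed above are easy to mix up when copied by hand, so they can be checked for consistency before being sent to Isogeo. The script below is an added example, not Isogeo or Microsoft code: the dictionary keys and the function names are assumptions chosen here, and the sample secret and group ID are constructed.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
DOMAIN = re.compile(r"([a-z0-9-]+\.)+[a-z]{2,}", re.I)

def expected_endpoints(directory_id):
    """Derive the authority and OAuth 2.0 (v1) URLs from the Directory ID."""
    authority = f"https://login.microsoftonline.com/{directory_id}"
    return {"authority_url": authority,
            "authorization_endpoint": f"{authority}/oauth2/authorize",
            "token_endpoint": f"{authority}/oauth2/token"}

def check_handover(info):
    """Return the list of problems found in the values to send to Isogeo."""
    problems = []
    for key in ("application_id", "directory_id"):
        if not GUID.fullmatch(info.get(key, "")):
            problems.append(f"{key} is not a GUID")
    for key, want in expected_endpoints(info.get("directory_id", "")).items():
        if info.get(key, "").rstrip("/") != want:
            problems.append(f"{key} does not match the Directory ID")
    secret = info.get("secret_value", "")
    if not secret:
        problems.append("secret_value is empty")
    elif GUID.fullmatch(secret):
        # The portal shows a GUID "Secret ID" beside the secret "Value".
        problems.append("secret_value looks like the Secret ID, not the Value")
    uri = urlparse(info.get("redirect_uri", ""))
    parts = uri.path.strip("/").split("/")
    if ((uri.scheme, uri.netloc) != ("https", "sso.isogeo.com")
            or len(parts) != 3 or parts[1:] != ["authorization-code", "callback"]):
        problems.append("redirect_uri does not follow the documented pattern")
    elif parts[0] == "ID_GROUP":
        problems.append("redirect_uri still contains the ID_GROUP placeholder")
    if not DOMAIN.fullmatch(info.get("domain", "")):
        problems.append("domain is not a bare domain name")
    return problems

# Constructed sample: the IDs are this page's examples, the rest is made up.
TENANT = "881afea1-e705-4bfd-8791-f7e1dc383b3d"
SAMPLE = {"application_id": "27f11b5e-a950-42c8-9a9f-56e6e4f68c11",
          "directory_id": TENANT,
          "secret_value": "constructed-placeholder-not-a-real-secret",
          "redirect_uri": "https://sso.isogeo.com/example-group/authorization-code/callback",
          "domain": "isogeo.fr",
          **expected_endpoints(TENANT)}

if __name__ == "__main__":
    print(check_handover(SAMPLE) or "all values are consistent")
```

Run it on a local copy of the values only, and keep the real secret out of the script file itself.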
Warning
The Isogeo team then configures the Entra ID application in its database. Before other users can sign in with their Entra ID accounts, an Entra ID administrator must first sign in to the platform from the SSO authentication page.