Microsoft Azure AD

How to configure Azure SSO

There are four steps to configure:

  1. You configure the Azure application.
  2. You send us the data.
  3. We configure things on our side.
  4. You test a login.

Let's jump into it.

1. Configure your Lepaya application on Azure

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. If you have access to multiple tenants, use the Directories + subscriptions filter in the top menu to select the tenant containing your client app's registration.
  3. Browse to Identity > Applications > App registrations and select New registration.
  4. Enter a display Name for your application, like “Lepaya”.
    1. Users of your application might see the display name when they use the app, for example during sign-in.
  5. Specify who can use the application, sometimes called its sign-in audience.
  6. Don't enter anything for Redirect URI (optional).
  7. Select Register to complete the initial app registration.
  8. When registration finishes, the Microsoft Entra admin center displays the app registration's Overview pane.
  9. On the Essentials section, click Add a Redirect URI.
  10. Click Add Platform and select Web.
  11. Add https://lepaya.eu.auth0.com/login/callback
  12. Enable the two options:
    1. Access tokens (used for implicit flows)
    2. ID tokens (used for implicit and hybrid flows)
  13. Click Configure.
  14. Repeat steps 9 to 13, but add the following URL: https://auth.lepaya.com/login/callback

1.1 Create a secret

  1. On your application page, click Add a certificate or secret
    1. To avoid problems, we recommend selecting 24 months and adding a calendar event 2 months before that date as a reminder to send a new secret.
    2. Don't worry, we'll add a reminder on our side too :)
  2. Click Add
  3. Paste the secret value and the expiry date into a txt file on your computer
    1. 🚨 ATTENTION: it's the value, not the SECRET ID attribute
    2. Client secret values cannot be viewed, except for immediately after creation. Be sure to save the secret when created before leaving the page.

2. Send us your info

  1. Add to the txt file you created:
    1. Application (client) ID
    2. The email domain(s) we should identify your users by - this is especially important if you have multiple domains! E.g.: lepaya.com, lepaya.nl
  2. Send the txt file following these instructions: https://developer.lepaya.com/docs/how-to-share-sensitive-information-with-us
  3. Delete the file from your computer to avoid exposing the secret
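The portal clicks in steps 1, 1.1 and 2 can also be scripted. The following Microsoft Graph PowerShell script is an added example, not part of Lepaya's documentation or tooling. It assumes the Microsoft.Graph.Applications module is installed and that the signed-in account is at least a Cloud Application Administrator; it uses the same two callback URLs as above. The display name "Lepaya", the single-tenant audience, the 24-month lifetime and the output path are assumptions you may adjust.

```powershell
# Added example (not Lepaya's tooling): register the Lepaya app in Entra ID with
# Microsoft Graph PowerShell, mirroring steps 1-14, 1.1 and 2 above.
# Assumes: Install-Module Microsoft.Graph.Applications, Cloud Application Administrator role.
Connect-MgGraph -Scopes "Application.ReadWrite.All"

# Both Lepaya callback URLs from steps 11 and 14 (Web platform, not SPA).
$redirectUris = @(
    "https://lepaya.eu.auth0.com/login/callback",
    "https://auth.lepaya.com/login/callback"
)

# Step 5: sign-in audience (AzureADMyOrg = this tenant only; assumption).
# Step 12: the two implicit-grant options the page asks you to enable.
$app = New-MgApplication -DisplayName "Lepaya" -SignInAudience "AzureADMyOrg" -Web @{
    RedirectUris          = $redirectUris
    ImplicitGrantSettings = @{
        EnableAccessTokenIssuance = $true
        EnableIdTokenIssuance     = $true
    }
}

# Step 1.1: add a client secret with a 24-month lifetime.
$expiry = (Get-Date).ToUniversalTime().AddMonths(24)
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = "Lepaya SSO"
    EndDateTime = $expiry
}

# The VALUE (SecretText) is what Lepaya needs. $secret.KeyId is the "Secret ID"
# attribute and is useless to them. SecretText is only returned by this call and
# cannot be read back later, so this script is the only place to capture it.
$handoff = @"
Application (client) ID: $($app.AppId)
Client secret VALUE:     $($secret.SecretText)
Secret expires:          $($secret.EndDateTime.ToString("yyyy-MM-dd"))
Email domain(s):         yourcompany.com, yourcompany.nl   # placeholder: replace with your domains
"@

# Step 2: write the hand-off file, share it via the link above, then delete it.
$path = Join-Path $env:USERPROFILE "lepaya-sso.txt"   # assumed output path
Set-Content -Path $path -Value $handoff
Write-Host "Rotation reminder (2 months before expiry): $($expiry.AddMonths(-2).ToString('yyyy-MM-dd'))"
Write-Host "Hand-off written to $path - share it per the instructions, then Remove-Item it."
```

The script prints the reminder date from step 1.1 so you can put it in your calendar straight away; the hand-off file on disk still has to be deleted by hand once it has been shared.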

ℹ️ Microsoft official documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

3. The next step is with us

After that, it's our turn. We'll take your info and do the setup in your environment.

4. You test a login

After that, we'll let you know all is set and you can test a login.


Troubleshooting

A user can't log in

  1. Go through our configuration steps again
  2. Make sure:
    1. The redirect URLs are correct
    2. You sent us a valid secret VALUE (not the secret ID)
    3. If you are not sure, send a new one and we can update it
    4. The user that's trying is authorized to use the Azure application
    5. The user has the email domain you sent us.
      1. For instance, if you sent us @company.com and the user is trying to log in with @company.io, you need to send us the other domains we should allow
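The "Make sure" list above can be checked from the tenant side before you write to us. The following Microsoft Graph PowerShell script is an added example, not Lepaya's tooling; it assumes the Microsoft.Graph.Applications and Microsoft.Graph.Users modules are installed, and the client ID, domain list and user principal name at the top are placeholders you fill in. Graph never returns a secret's value, so the secret check can only tell you whether an unexpired secret exists, not whether you sent the right string.

```powershell
# Added example (not Lepaya's tooling): read the app registration back and check
# the items in the troubleshooting list above.
Connect-MgGraph -Scopes "Application.Read.All", "User.Read.All"

$clientId    = "00000000-0000-0000-0000-000000000000"   # placeholder: Application (client) ID you sent
$sentDomains = @("yourcompany.com")                      # placeholder: domains you sent to Lepaya
$failingUser = "jane@yourcompany.io"                     # placeholder: the user who cannot log in
$expected    = @("https://lepaya.eu.auth0.com/login/callback",
                 "https://auth.lepaya.com/login/callback")

$app = Get-MgApplication -Filter "appId eq '$clientId'"
if (-not $app) { throw "No app registration with client ID $clientId in this tenant" }

# Check 1: both redirect URLs are on the Web platform and both implicit-grant options are on.
$missing = $expected | Where-Object { $_ -notin $app.Web.RedirectUris }
if ($missing) { Write-Warning "Missing redirect URI(s): $($missing -join ', ')" }
else          { Write-Host "Redirect URIs OK" }
if (-not $app.Web.ImplicitGrantSettings.EnableIdTokenIssuance -or
    -not $app.Web.ImplicitGrantSettings.EnableAccessTokenIssuance) {
    Write-Warning "Implicit grant: enable both 'Access tokens' and 'ID tokens' (step 12)"
}

# Check 2: list secrets with their expiry. Only metadata is available here; if you are
# unsure which VALUE you sent, create a new secret and send the value again.
$now = (Get-Date).ToUniversalTime()
foreach ($cred in $app.PasswordCredentials) {
    $state = if ($cred.EndDateTime -gt $now) { "valid" } else { "EXPIRED" }
    Write-Host ("Secret ID {0} ({1}) expires {2:yyyy-MM-dd} - {3}" -f
                $cred.KeyId, $cred.DisplayName, $cred.EndDateTime, $state)
}
if (-not ($app.PasswordCredentials | Where-Object { $_.EndDateTime -gt $now })) {
    Write-Warning "No unexpired secret on this registration - create one and send the VALUE"
}

# Check 3: if the enterprise app requires assignment, the user must be assigned to it
# (direct assignments only; a group-based assignment shows up as the group's id).
$sp = Get-MgServicePrincipal -Filter "appId eq '$clientId'"
if ($sp -and $sp.AppRoleAssignmentRequired) {
    $user     = Get-MgUser -UserId $failingUser
    $assigned = Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
                Where-Object { $_.PrincipalId -eq $user.Id }
    if (-not $assigned) { Write-Warning "$failingUser is not assigned to the application (assignment is required)" }
}

# Check 4: the user's email domain must be one of the domains you sent.
$domain = ($failingUser -split "@")[-1].ToLower()
if ($domain -notin ($sentDomains | ForEach-Object { $_.ToLower() })) {
    Write-Warning "$failingUser uses domain $domain, which is not in the list you sent ($($sentDomains -join ', '))"
}
```

Each warning maps to one line of the checklist: a missing redirect URI or implicit-grant flag is fixed in the app registration, an expired or unknown secret means sending us a new value, and a domain mismatch means sending us the additional domain.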

I can't find the problem, can you help me?

Sure! If you already tried going through the debugging options here, feel free to send us an email.

Please attach the log of the failed attempt:

  1. Azure application > Sign-in Logs
  2. Find the event
  3. Open it and send us a full screenshot