Unify Logo Footer.svg
Governance
Logo
Azure OpenID SSO Configuration

Azure OpenID SSO Configuration

1. Configure Identity Provider in UnifyApps

Follow the steps below to establish a Single Sign-On (SSO) connection using OpenID between UnifyApps and Microsoft Azure.

STEP 1 · Open Identity Provider Settings

Navigate to your specific environment in UnifyApps and go to: Platform ToolsSecurityIdentity Providers.

image1.png
image1.png

STEP 2 · Select OpenID & Copy Callback URL

Select OpenID from the Identity Provider dropdown menu. Locate the Callback URL generated and copy it to your clipboard.

image4.png
image4.png

2. Register Application in Microsoft Azure

STEP 3 · Create a New App Registration

Log into the Azure Portal, go to Microsoft Entra ID (formerly Azure Active Directory), and navigate to App registrationsNew registration. Select the appropriate account access level for your organization.

STEP 4 · Configure Redirect URI & Register

In the Redirect URI section, set the platform type to Web and paste the Callback URL you copied from UnifyApps. Click Register.

Sample Redirect URL : https://orbit.uat.unifyapps.com/auth/sso/OPEN_ID/complete-login

image2_2.png
image2_2.png

STEP 5 · Generate Client Secret

Once registered, navigate to Certificates & secretsClient secretsNew client secret. Select your preferred expiration duration and click Add.

⚠️ Important: Instantly copy the secret Value (not the Secret ID). It will be permanently hidden once you leave the page.

image5_2.png
image5_2.png

3. Complete Setup & Mapping

STEP 6 · Add Credentials to UnifyApps

Return to the UnifyApps Identity Provider setup page and paste the Azure secret value into the Client Secret Key field.

image3_2.png
image3_2.png

STEP 7 · Configure Endpoints & Tenant ID

Fill out both the Authorization URL and the Access Token Endpoint using your specific Azure Tenant ID.

  • Note: Both fields share the same URL structure containing your Tenant ID, which can be found under the Overview tab of your Azure application.

Sample Access Token Endpoint : https://microsoftonline.com/{tenant-id}/oauth2/v2.0/token

(Replace the placeholder ‘Tenant-id’ with actual tenant id from Overview tab of Azure application)

STEP 8 · Define Scopes & Attribute Mapping

Add the required authentication scopes to specify the level of data access granted to UnifyApps. Next, fill out the Default Attribute Mapping to properly pair Azure user claims with UnifyApps user profiles.

Scopes -

Scopes

Select

Scope 1

openid

Scope 2

profile

Scope 3

email

Default Attribute Mapping - 

Field

Value

Username JSON Path

/email

Email JSON Path

/email

STEP 9 · Assign Users in Azure

Go back to your Azure application dashboard, navigate to Enterprise applicationsUsers and groups, and assign the specific users or groups who should be allowed to log in via this SSO setup.