Configuring Microsoft Entra ID with OpenID Connect


Overview


This article provides step-by-step guidance on how to configure Microsoft Entra ID (formerly Azure Active Directory) for Encodify using OpenID Connect (OIDC).

Configuring OpenID Connect for Encodify via Microsoft Entra ID


Step 1: Start IdP Configuration in Encodify

  1. Navigate to: Site Configuration → Identity Providers and Users → Identity Providers.

  2. Click Add New IdP.

  3. Fill in the fields as follows:

    • Name ID: Use only English letters without spaces. This will be part of the URL.

    • Display Name for Login Page: This will be shown on the login button.

    • Authentication Method: Select OpenID Connect.

    • Email Domains (optional): Specify allowed domains (e.g. encode.dk, microsoft.com).

  4. Click Next to proceed to Step 2.

Step 2: Link to a Login URL

  1. Link your IdP configuration to an existing Login URL and Login Page, or create new ones.

    • Each IdP can be linked to only one Login URL.

  2. Click Next to proceed to Step 3.

Step 3: Copy Callback URL

  • Copy the Callback URL provided on this page. You'll use it when setting up your Entra ID app.

Step 4: Create OAuth Credentials in Microsoft Entra Admin Center

Register a New Application

  1. Go to the Microsoft Entra Admin Center and log in.

  2. Use the search bar to navigate to App registrations.

  3. Click + New registration.

  4. Enter the Name for your application.

  5. Click Register.

Configure Authentication

  1. In your new application's left menu, click Authentication.

  2. Click + Add a platform and choose Web.

  3. Paste the Callback URL copied from Encodify.

  4. Click Configure.

Generate Client Secret

  1. Navigate to Certificates & Secrets.

  2. Click + New client secret.

  3. Add a Description and choose an Expiration period.

  4. Click Add and copy the Client Secret (you'll use this in Encodify).

Get OpenID Configuration URL

  1. Go to the Overview page of your Entra ID app.

  2. Locate and copy the Directory (tenant) ID and Application (client) ID.

  3. Find the OpenID Connect metadata document link—this is your OpenID Configuration URL.

    • Format: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration

Step 5: Complete IdP Configuration in Encodify

  1. In Step 3 of the Encodify IdP setup, enter your OpenID Connect Config URL (copied under Get OpenID Configuration URL in Step 4).

  2. Encodify will auto-fetch the following:

    • OpenID Connect JWK URI

    • OAuth2 Authorization URL

    • OAuth2 Access Token URL

  3. Fill in the remaining fields manually:

    • OAuth2 Client ID: From Entra App Registration

    • OAuth2 Client Secret: From Entra Client Secret

    • OAuth2 Scope: openid, email

    • External User ID Attribute: email

  4. Click Next to proceed to further steps (e.g., access rights, default groups, etc.) as needed.

Note: Microsoft Entra ID does not support mapping of custom user claims beyond standard ones (e.g. name, email).
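
Before pasting the OpenID Configuration URL into Encodify, you can sanity-check the metadata document it returns. The following is an added example, not code from Encodify or Microsoft: the function names are hypothetical, the tenant ID is a placeholder, and the sample document is constructed. It builds the URL in the format from Step 4 and checks the three endpoints Encodify auto-fetches plus the scopes from Step 5.

```python
import re
from urllib.parse import urlsplit

ENTRA_HOST = "login.microsoftonline.com"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# The three values Encodify auto-fetches in Step 5.
ENDPOINT_KEYS = ("jwks_uri", "authorization_endpoint", "token_endpoint")


def config_url(tenant_id):
    """Build the OpenID Configuration URL in the format shown in Step 4."""
    if not GUID.match(tenant_id):
        raise ValueError("Directory (tenant) ID is not a GUID")
    return f"https://{ENTRA_HOST}/{tenant_id}/v2.0/.well-known/openid-configuration"


def check_metadata(doc, tenant_id, scopes=("openid", "email")):
    """Return a list of problems in a parsed metadata document (empty = OK)."""
    problems = []
    expected_issuer = f"https://{ENTRA_HOST}/{tenant_id}/v2.0"
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer is not {expected_issuer}")
    for key in ENDPOINT_KEYS:
        url = urlsplit(str(doc.get(key) or ""))
        if url.scheme != "https" or url.hostname != ENTRA_HOST:
            problems.append(f"{key} is missing or not https on {ENTRA_HOST}")
        elif tenant_id.lower() not in url.path.lower():
            problems.append(f"{key} does not belong to tenant {tenant_id}")
    for scope in scopes:
        if scope not in doc.get("scopes_supported", []):
            problems.append(f"scope {scope!r} is not advertised")
    return problems


# Constructed sample: placeholder tenant ID and a trimmed metadata document.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://{ENTRA_HOST}/{TENANT}"
SAMPLE = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

if __name__ == "__main__":
    print(config_url(TENANT))
    print(check_metadata(SAMPLE, TENANT) or "metadata OK")
```

To use it against your own tenant, download the JSON from the URL that `config_url` returns, parse it, and pass it to `check_metadata` together with the Directory (tenant) ID from the app's Overview page.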

Step 6: Default User Groups

  1. Define default groups to assign on first login.

  2. Click Next.

Step 7: Welcome Message & First Login Email

  1. Optionally enable a Welcome Email and First Login Message.

  2. Click Save IdP to complete the setup.

Logging In via Microsoft Entra ID OIDC

If Entra ID is the only method linked to the Login URL, users are redirected directly. If multiple methods exist, users will see a button (e.g. Sign in with Microsoft). Upon first login, users will be auto-provisioned in Encodify with configured roles and attributes.