---
title: "Configuring Microsoft Entra ID with OpenID Connect"
slug: "microsoft-entra-id-with-openid-connect"
updated: 2025-06-22T21:08:43Z
published: 2025-06-22T21:08:43Z
canonical: "documentation.encodify.com/microsoft-entra-id-with-openid-connect"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://documentation.encodify.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuring Microsoft Entra ID with OpenID Connect

## Overview

---

This article provides step-by-step guidance on how to configure **Microsoft Entra ID** (formerly Azure Active Directory) for Encodify **using OpenID Connect (OIDC)**.

## Configuring OpenID Connect for Encodify via Microsoft Entra ID

---

### Step 1: Start IdP Configuration in Encodify

1. Navigate to: **Site Configuration → Identity Providers and Users → Identity Providers**.
2. Click **Add New IdP**.
3. Fill in the fields as follows:
  - **Name ID**: Use only English letters without spaces. This will be part of the URL.
  - **Display Name for Login Page**: This will be shown on the login button.
  - **Authentication Method**: Select **OpenID Connect**.
  - **Email Domains (optional)**: Specify allowed domains (e.g. `encode.dk, microsoft.com`).
4. Click **Next** to proceed to Step 2.

### ![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/23331439218333.png)

### Step 2: Link to a Login URL

1. Link your IdP configuration to an existing **Login URL** and **Login Page**, or create new ones.
  - Each IdP can be linked to only one Login URL.
2. Click **Next** to proceed to Step 3.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/23331454501021.png)

### Step 3: Copy Callback URL

- Copy the **Callback URL** provided on this page. You'll use it when setting up your Entra ID app.

### Step 4: Create OAuth Credentials in Microsoft Entra Admin Center

#### Register a New Application

1. Go to the [Microsoft Entra Admin Center](https://entra.microsoft.com) and log in.
2. Use the search bar to navigate to **App registrations**.
3. Click **+ New registration**.
4. Enter the **Name** for your application.
5. Click **Register**.

#### Configure Authentication

1. In your new application's left menu, click **Authentication**.
2. Click **+ Add a platform** and choose **Web**.
3. Paste the **Callback URL** copied from Encodify.
4. Click **Configure**.

#### Generate Client Secret

1. Navigate to **Certificates & Secrets**.
2. Click **+ New client secret**.
3. Add a **Description** and choose an **Expiration** period.
4. Click **Add** and copy the **Client Secret** (you'll use this in Encodify).

#### Get OpenID Configuration URL

1. Go to the **Overview** page of your Entra ID app.
2. Locate and copy the **Directory (tenant) ID** and **Application (client) ID**.
3. Find the **OpenID Connect metadata document** link—this is your OpenID Configuration URL.
  - Format: `https://login.microsoftonline.com/&lt;tenant-id&gt;/v2.0/.well-known/openid-configuration`

### Step 5: Complete IdP Configuration in Encodify

1. In Step 3 of the Encodify IdP setup, enter your **OpenID Connect Config URL** (from Step 7).
2. Encodify will auto-fetch the following:
  - **OpenID Connect JWK URI**
  - **OAuth2 Authorization URL**
  - **OAuth2 Access Token URL**
3. Fill in the remaining fields manually:

| Field | Value |
| --- | --- |
| OAuth2 Client ID | *From Entra App Registration* |
| OAuth2 Client Secret | *From Entra Client Secret* |
| OAuth2 Scope | `openid, email` |
| External User ID Attribute | `email` |

1. Click **Next** to proceed to further steps (e.g., access rights, default groups, etc.) as needed.

> [!WARNING]
> **Note**: Microsoft Entra ID does not support mapping of custom user claims beyond standard ones (e.g. name, email).

### Step 6: Default User Groups

1. Define default groups to assign on first login.
2. Click **Next**.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750619703287.png)

### Step 7: Welcome Message & First Login Email

1. Optionally enable a **Welcome Email** and **First Login Message**.
2. Click **Save IdP** to complete the setup.

![](https://cdn.document360.io/3a63e0a8-1221-4570-aaa1-d43f9b95a612/Images/Documentation/image-1750615026946.png)

### Logging In via Microsoft Entra ID OIDC

If Entra ID is the only method linked to the Login URL, users are redirected directly. If multiple methods exist, users will see a button (e.g. **Sign in with Microsoft**). Upon first login, users will be auto-provisioned in Encodify with configured roles and attributes.