Microsoft Entra ID

Register a Microsoft Entra ID (Azure AD) app for Proliferate SSO.

Use a Microsoft Entra ID app registration to sign in to Proliferate with OpenID Connect.

Prerequisites

  • An Entra directory (tenant) in which you can register applications. A personal Microsoft account with no directory cannot register apps; create a directory first (e.g. via an Azure free account or the Microsoft 365 Developer Program).
  • The Redirect URI from your Proliferate Single sign-on settings.

Register the application

  1. In the Microsoft Entra admin center (or the Azure portal), go to Identity → Applications → App registrations and click New registration.
  2. Enter a Name (e.g. Proliferate SSO) and choose the Supported account types that fit your organization (Single tenant is typical).
  3. Under Redirect URI, select platform Web and paste the Redirect URI copied from Proliferate.
  4. Click Register. From Overview, copy the Application (client) ID and the Directory (tenant) ID.
  5. Go to Certificates & secrets → Client secrets → New client secret, set an expiry, and copy the secret Value (shown once).
  6. Go to Token configuration → Add optional claim, choose token type ID, check email, and Add. When prompted, also turn on the Microsoft Graph email permission so the claim is included in the token.

Entra app registration Overview showing Application (client) ID and Directory (tenant) ID

The app registration Overview: copy the Application (client) ID and Directory (tenant) ID.

Entra Certificates & secrets page with a client secret

Create a client secret under Certificates & secrets and copy its Value.

Entra Token configuration showing the email optional claim on the ID token

Add email as an optional claim on the ID token under Token configuration.

Warning:

Entra rejects http://127.0.0.1 for a Web redirect URI; it accepts only https:// or http://localhost. For local testing, register http://localhost:8025/auth/sso/oidc/callback and reach Proliferate via localhost (not 127.0.0.1) so the redirect matches.

Values for Proliferate

Proliferate fieldValue
OIDC issuer URLhttps://login.microsoftonline.com/<tenant-id>/v2.0
OIDC client IDApplication (client) ID
OIDC client secretClient secret Value
OIDC scopesopenid email profile
Token auth methodClient secret basic

You can confirm the issuer at https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration.

Info:

The email claim only appears if the signing-in user has a verified email on the tenant. The optional claim and Graph email permission added above ensure it's requested.

Finish in the SSO settings: paste the values above, Save, Test, then Enable.

On this page