Contents x
    Entra ID (Azure AD) 3rd party authentication
    • 2 Minutes to read
      Contents

      Entra ID (Azure AD) 3rd party authentication

      • 2 Minutes to read
        Article Summary

        How to enable Entra ID (Azure AD) SSO?

        In order to login to NordLayer apps or Control Panel, users can authenticate their identity via Entra ID (Azure AD) SSO.

        Here’s how to set up Entra ID SSO integration:

        1. Log in to your Entra ID panel

        2. Click App registrations in the main menu

        3. Click New registration

        4. In the Name field, enter NordLayer

        5. Select your supported account types

        6. Click Register at the bottom of the page

        7. In the newly opened page, select API permissions tab in the left menu

        8. Click Add a permission and add the following permissions:

        • select Microsoft Graph, and choose Delegated permissions
        • mark profile and email under OpenId permissions
        • scroll to the bottom and make sure that under User, User.Read is check marked as well

        1. Confirm the selections by pressing on Add permissions at the bottom

        2. Press on Grant admin consent for at the top to grant admin consent for this directory on behalf of all of your users

        3. Confirm this option by choosing Yes on the opened prompt

        4. Head to Token configuration tab on the left side

        5. Select Add optional claim and choose Token type - ID, mark Claims: email, upn and save your selection by pressing on Add the bottom

        6. Open Authentication tab in the left menu

        7. Select Add a platform at the top

        8. Choose Web

        9. In the Redirect URls field, enter:

        https://auth.nordlayer.com/v1/tokens/oauth/resolution

        1. At Implicit grant and hybrid flows, check Access tokens and ID tokens

        2. Save the changes by clicking on Configure at the bottom

        3. Open Overview in the left menu

        4. Copy Application (client) ID and keep it safe

        5. Copy Directory (Tenant) ID and keep it safe

        6. Open Certificates & secrets tab in the left menu

        7. Choose Client secrets tab and press New client secret

        8. In the description field, enter NordLayer

        9. In the expiry field, select 24 months

        10. To save the changes, click on Add the bottom

        Note:

        Copy the generated Value and keep it somewhere safe as it is displayed only once

        Once you have all these three values: Application (client) ID, Directory (Tenant) ID and Generated Client Secret Value, you can head to NordLayer Control Panel on our website and navigate to Settings - Login methods. By choosing Entra ID (Azure AD) you will be prompted to enter those three collected values. Once you submit this information, your organization members will now have the ability to log into the NordLayer application using Entra ID (Azure AD).

        Login methods.png

        Note:
        • Single-Sign-On (SSO) will be enabled for the Control Panel, VPN apps, and Browser Extension
        • You can have multiple Single-Sign-On (SSO) methods enabled
        • It is possible to remove email & password authentication, leaving SSO as the only option to log in to the account

        Other available SSO providers include Google, JumpCloud, Okta, and OneLogin. You can set them up in the Control Panel by following these guides:

        Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.

        Was this article helpful?
        What's Next