Entra ID (Azure AD) 3rd party authentication

      How to enable Entra ID (Azure AD) SSO?

      To streamline access to NordLayer apps and the Control Panel, you can integrate Entra ID (Azure AD) single sign-on (SSO). Here's a step-by-step guide to setting it up:

      1. Log in to your Entra ID Panel
      2. Navigate to the App registrations section in the main menu
      3. Click New registration and name it NordLayer
      4. Select supported account types and click Register
      5. On the newly opened page, select the API permissions tab in the left menu
      6. Click Add a permission, select Microsoft Graph, and choose Delegated permissions
        1. Mark profile under OpenID permissions. You may optionally also enable the email toggle.
        2. Scroll to the bottom and ensure User.Read is selected in the User tab.
      7. Confirm selections by clicking Add permissions at the bottom
      8. Click Grant admin consent and confirm with Yes
      9. Head to the Token configuration tab:
        1. Select Add optional claim
        2. Choose Token type as ID
        3. Under Claims, mark the upn claim (note that you may also optionally tick email) and save by clicking Add at the bottom
      10. In the left menu, select Authentication
      11. Click Add a platform at the top and choose Web
      12. In the Redirect URLs field, enter:
      13. You may also optionally check Access tokens and ID tokens under Implicit grant and hybrid flows
      14. Save changes by clicking Configure at the bottom
      15. In the left menu, select Overview, copy the Application (client) ID and Directory (Tenant) ID, and store them securely
      16. Under Certificates & secrets in the left menu, select Client secrets
      17. Select New client secret and enter NordLayer in the description field
      18. Choose a 24-month expiry and click Add to save.

      Keep the Generated Client Secret Value secure, as it's displayed only once.

      19. Finalize the NordLayer configuration by going to the NordLayer Control Panel on our website
      20. Navigate to Settings and select Login methods
      21. Choose Entra ID (Azure AD) and enter the three collected values:
        1. Application (client) ID
        2. Directory (Tenant) ID
        3. Generated Client Secret Value
      22. Submit the information to enable Entra ID (Azure AD) SSO for your organization


      • You can update your claims at any time without disabling SSO
      • If both UPN and Email claims are selected, the system will read both during the SSO process and attempt to match a member with either claim. The first match found will be used to log in.
      • We recommend including UPNs in your selection, especially if Azure provisioning is used.
      • Multiple SSO methods can be enabled
      • You can remove email & password authentication, leaving SSO as the sole login option
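
An added example (not NordLayer's or Microsoft's code): a check of the finished app registration against the settings this guide configures, assuming the registration has been exported as a Microsoft Graph application JSON object. The sample object, its redirect URI and its dates are constructed, and the severity labels and 60-day warning window are this example's own choices.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed Microsoft Graph "application" object for the
# NordLayer registration. The redirect URI and dates are placeholders.
SAMPLE_APP = json.loads("""
{
  "displayName": "NordLayer",
  "web": {
    "redirectUris": ["https://sso.example.invalid/callback"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": true,
                              "enableIdTokenIssuance": true}
  },
  "optionalClaims": {"idToken": [{"name": "email"}]},
  "passwordCredentials": [
    {"displayName": "NordLayer", "endDateTime": "2026-03-01T00:00:00Z"}
  ]
}
""")


def audit_registration(app, now, warn_days=60):
    """Return (severity, message) findings; severities are this example's own."""
    findings = []
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    names = {c["name"] for c in id_claims}
    if not names & {"upn", "email"}:
        findings.append(("error", "ID token carries neither upn nor email"))
    elif "upn" not in names:
        findings.append(("warn", "upn claim missing; the guide recommends it"))
    web = app.get("web") or {}
    for uri in web.get("redirectUris") or []:
        if not uri.startswith("https://"):
            findings.append(("error", f"redirect URI is not HTTPS: {uri}"))
    grant = web.get("implicitGrantSettings") or {}
    if grant.get("enableAccessTokenIssuance"):
        findings.append(("info", "implicit access tokens enabled (optional step)"))
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append(("error", "no client secret on the registration"))
    for s in secrets:
        # Graph may append fractional seconds; the first 19 chars are enough.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        left = (end.replace(tzinfo=timezone.utc) - now).days
        if left < 0:
            findings.append(("error", f"secret {s.get('displayName')!r} expired"))
        elif left <= warn_days:
            findings.append(("warn", f"secret {s.get('displayName')!r} expires in {left} days"))
    return findings
```

Run on a schedule, the secret-expiry finding gives advance notice before the 24-month client secret lapses and SSO logins start failing.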

      Other available SSO providers include Google, JumpCloud, Okta, and OneLogin. You can set them up in the Control Panel by following these guides:

      Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.
