Entra ID (Azure AD) 3rd party authentication
In order to enable Entra ID (Azure AD) as a login option for the end users, you will need to do the following:
Log in to your Entra ID (Azure AD) panel
Click App registrations in the main menu
Click New registration
In the Name field, enter NordLayer
Select your supported account types
Click Register at the bottom of the page
In the newly opened page, select the API permissions tab in the left menu
Click Add a permission and add the following permissions:
- select Microsoft Graph, and choose Delegated permissions
- mark profile and email under OpenId permissions
- scroll to the bottom and make sure that under User, User.Read is checked as well
Confirm the selections by pressing on Add permissions at the bottom
Press Grant admin consent for <your directory name> at the top to grant admin consent for this directory on behalf of all of your users
Confirm this option by choosing Yes on the opened prompt
Head to the Token configuration tab on the left side
Select Add optional claim, choose Token type: ID, mark the claims email and upn, and save your selection by pressing Add at the bottom
Open the Authentication tab in the left menu
Select Add a platform at the top
Choose Web
In the Redirect URIs field, enter:
https://auth.nordlayer.com/v1/tokens/oauth/resolution
Under Implicit grant and hybrid flows, check Access tokens and ID tokens
Save the changes by clicking on Configure at the bottom
Open Overview in the left menu
Copy Application (client) ID and keep it safe
Copy Directory (Tenant) ID and keep it safe
Open the Certificates & secrets tab in the left menu
Choose the Client secrets tab and press New client secret
In the description field, enter NordLayer
In the expiry field, select 24 months
To save the changes, click Add at the bottom
Copy the generated Value and keep it somewhere safe as it is displayed only once
Once you have all these three values: Application (client) ID, Directory (Tenant) ID and Generated Client Secret Value, you can head to the Control Panel on our website and navigate to Settings.
By choosing Entra ID (Azure AD) you will be prompted to enter those three collected values. Once you submit this information, your organization members will now have the ability to log into the NordLayer application using Azure AD.
- Single Sign-On (SSO) will be enabled on Control Panel, VPN apps and Browser Extension
- You can have multiple SSO options listed for authentication
- It is possible to remove email & password authentication, leaving SSO as the only option to sign in
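To confirm later that the app registration still matches the steps above, and that the client secret is not about to expire, the following added example (not NordLayer or Microsoft code) audits an exported registration. It assumes the registration is available as a JSON object using the Microsoft Graph application field names, for instance from `az ad app show --id <Application (client) ID>`; the function name, the 60-day warning window and the sample data are constructed for illustration.

```python
import copy
from datetime import datetime, timezone

REDIRECT_URI = "https://auth.nordlayer.com/v1/tokens/oauth/resolution"  # from the guide
REQUIRED_CLAIMS = {"email", "upn"}  # optional ID-token claims from the guide

def audit_registration(app, now, warn_days=60):
    """Return findings; an empty list means the export matches the guide."""
    findings = []
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("redirect URI from the guide is missing")
    extra = [u for u in uris if u != REDIRECT_URI]
    if extra:
        findings.append(f"extra redirect URIs to review: {extra}")
    grant = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not grant.get(flag):
            findings.append(f"{flag} is not enabled")
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    missing = REQUIRED_CLAIMS - {c.get("name") for c in id_claims}
    if missing:
        findings.append(f"missing optional ID-token claims: {sorted(missing)}")
    # Secrets expire; sign-in through this app fails once the last valid one lapses.
    ends = [datetime.strptime(p["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
            .replace(tzinfo=timezone.utc)  # Graph timestamps are UTC
            for p in app.get("passwordCredentials") or []]
    valid = [e for e in ends if e > now]
    if not valid:
        findings.append("no unexpired client secret")
    elif (max(valid) - now).days < warn_days:
        findings.append(f"client secret expires in {(max(valid) - now).days} days")
    return findings

# Constructed sample export (no real tenant data), configured as the guide describes.
GOOD = {
    "displayName": "NordLayer",
    "web": {"redirectUris": [REDIRECT_URI],
            "implicitGrantSettings": {"enableAccessTokenIssuance": True,
                                      "enableIdTokenIssuance": True}},
    "optionalClaims": {"idToken": [{"name": "email"}, {"name": "upn"}]},
    "passwordCredentials": [{"displayName": "NordLayer",
                             "endDateTime": "2027-01-15T09:00:00.1234567Z"}],
}
# Constructed drifted copy: upn claim dropped, ID token issuance switched off.
DRIFTED = copy.deepcopy(GOOD)
DRIFTED["optionalClaims"]["idToken"] = [{"name": "email"}]
DRIFTED["web"]["implicitGrantSettings"]["enableIdTokenIssuance"] = False
```

Call `audit_registration(export, datetime.now(timezone.utc))` on a parsed export; any non-empty result names the setting that no longer matches the guide or the secret that needs rotating.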
Other available SSO providers include Google, JumpCloud, Okta and OneLogin. You can set them up in the Service Management Portal by following these guides:
- Google SSO 3rd party authentication
- JumpCloud 3rd party authentication
- Okta 3rd party authentication
- OneLogin 3rd party authentication
Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.