--- title: "Azure AD 3rd party authentication" slug: "azure-ad-3rd-party-authentication-smp" description: "." updated: 2025-04-14T12:19:36Z published: 2025-04-14T12:19:36Z --- > ## Documentation Index > Fetch the complete documentation index at: https://help.nordlayer.com/llms.txt > Use this file to discover all available pages before exploring further. # Entra ID (Azure AD) 3rd party authentication In order to enable Entra ID (Azure AD) as a login option for the end users, you will need to do the following: 1. Log in to your **Entra ID (Azure AD) panel** 2. Click **App registrations** in the main menu 3. Click **New registration** 4. In the Name field, enter **NordLayer** 5. Select your supported account types 6. Click **Register** at the bottom of the page 7. In the newly opened page, select **API permissions** tab in the left menu 8. Click **Add a permission** and add the following permissions: - select **Microsoft Graph**, and choose **Delegated permissions** - mark **profile** and **email** under **OpenId permissions** - scroll to the bottom and make sure that under **User**, **User.Read** is check marked as well 1. Confirm the selections by pressing on **Add permissions** at the bottom 2. Press on **Grant admin consent** for at the top to grant admin consent for this directory on behalf of all of your users 3. Confirm this option by choosing **Yes** on the opened prompt 4. Head to **Token configuration** tab on the left side 5. Select **Add optional claim** and choose Token type - **ID**, mark Claims: **email**, **upn** and save your selection by pressing on **Add** the bottom 6. Open **Authentication** tab in the left menu 7. Select **Add a platform** at the top 8. Choose **Web** 9. In the **Redirect URls** field, enter: ``` https://auth.nordlayer.com/v1/tokens/oauth/resolution ``` 1. At **Implicit grant and hybrid flows**, check **Access tokens** and **ID tokens** 2. Save the changes by clicking on **Configure** at the bottom 3. Open **Overview** in the left menu 4. Copy **Application (client) ID** and keep it safe 5. Copy **Directory (Tenant) ID** and keep it safe 6. Open **Certificates & secrets** tab in the left menu 7. Choose **Client secrets** tab and press **New client secret** 8. In the description field, enter **NordLayer** 9. In the expiry field, select **24 months** 10. To save the changes, click on **Add** the bottom 11. Copy the generated **Value** and keep it somewhere safe as it is displayed only once Once you have all these three values: **Application (client) ID**, **Directory (Tenant) ID** and **Generated Client Secret Value**, you can head to the Control Panel on our website and navigate to **Settings**. ![Settings - Default.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/Settings%20-%20Default%285%29.png) By choosing **Entra ID (Azure AD)** you will be prompted to enter those three collected values. Once you submit this information, your organization members will now have the ability to log into the NordLayer application using Azure AD. ![Settings - Enabling Entra ID SSO.png](https://cdn.document360.io/fc1049cd-8f71-4b89-b9b8-dbca9fdcdd16/Images/Documentation/Settings%20-%20%20Enabling%20Entra%20ID%20SSO%281%29.png) --- Note: - Single-Sign-ON (SSO) will be enabled on Control Panel, VPN apps and Browser Extension - You can have multiple SSO options listed for authentication - It is possible to remove email & password authentication, leaving SSO as the only option to sign in --- Other available SSO providers include Google, JumpCloud, Okta and OneLogin. You can set them up in the Service Management Portal by following these guides: - [Google SSO 3rd party authentication](/docs/google-sso-3rd-party-authentication-smp) - [JumpCloud 3rd party authentication](/docs/jumpcloud-3rd-party-authentication-smp) - [Okta 3rd party authentication](/docs/okta-3rd-party-authentication-smp) - [OneLogin 3rd party authentication](/docs/onelogin-3rd-party-authentication) **Note**: In case you have any questions or are experiencing any issues, please feel free to contact our [24/7 customer support team](/docs/how-do-i-contact-nordlayer-customer-support).