Setting up Entra ID (Azure AD) SSO for NordLayer Service Management Portal


To streamline access to NordLayer apps and the Control Panel, you can integrate Entra ID (Azure AD) single sign-on (SSO).

Here's a step-by-step guide to setting it up:

  1. Log in to your Entra ID Panel
  2. Navigate to the App registrations section in the main menu
  3. Click New registration and name it NordLayer
  4. Select supported account types and click Register
  5. In the newly opened page, select the API permissions tab in the left menu
  6. Click Add a permission, select Microsoft Graph, and choose Delegated permissions
  7. Mark profile under OpenID permissions. You may optionally also enable the email toggle.
  8. Scroll to the bottom and ensure User.Read is selected in the User tab.
  9. Confirm selections by clicking Add permissions at the bottom
  10. Click Grant admin consent and confirm with Yes
    1. Head to the Token configuration tab:
    2. Select Add optional claim
    3. Choose Token type as ID
    4. Under Claims, mark the upn claim (note that you may also optionally tick email) and save by clicking Add at the bottom
  11. In the left menu, select Authentication
  12. Click Add a platform at the top and choose Web
  13. In the Redirect URLs field, enter:
https://partner-api.nordlayer.com/v1/tokens/oauth/resolution
  14. You may also optionally check Access tokens and ID tokens under Implicit grant and hybrid flows
  15. Save changes by clicking Configure at the bottom
  16. In the left menu, select Overview, copy the Application (client) ID and Directory (Tenant) ID, and store them securely
  17. Under Certificates & secrets in the left menu, select Client secrets
  18. Select New client secret and enter NordLayer in the description field
  19. Choose a 24-month expiry and click Add to save
Note

Keep the Generated Client Secret Value secure, as it's displayed only once.

  20. Finalize the NordLayer configuration by going to the NordLayer Control Panel on our website
  21. Navigate to Settings
  22. Choose Entra ID (Azure AD) and enter the three collected values:
    1. Application (Client) ID
    2. Directory (Tenant) ID
    3. Generated Client Secret Value
  23. Submit the information to enable Entra ID (Azure AD) SSO for your organization.
Note
  • Single sign-on (SSO) will be enabled for the Control Panel, VPN apps, and Browser Extension.
  • Multiple SSO methods can be enabled.
  • You can remove email & password authentication, leaving SSO as the sole login option.
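
A check for the finished registration, added here as an example and not NordLayer's or Microsoft's own code: it audits an app registration's JSON (shaped like the Microsoft Graph application resource) against the values this guide sets. The sample object, the function name audit_registration and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

EXPECTED_REDIRECT = "https://partner-api.nordlayer.com/v1/tokens/oauth/resolution"

# Constructed sample, shaped like a Microsoft Graph "application" object.
SAMPLE_APP = json.loads("""
{
  "displayName": "NordLayer",
  "web": {
    "redirectUris": ["https://partner-api.nordlayer.com/v1/tokens/oauth/resolution"],
    "implicitGrantSettings": {"enableAccessTokenIssuance": true, "enableIdTokenIssuance": true}
  },
  "optionalClaims": {"idToken": [{"name": "email"}]},
  "passwordCredentials": [{"displayName": "NordLayer", "endDateTime": "2025-07-01T00:00:00Z"}]
}
""")

def audit_registration(app, now, warn_days=30):
    """Return findings for an app registration set up per the steps above."""
    findings = []
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    if EXPECTED_REDIRECT not in uris:
        findings.append("redirect: NordLayer redirect URL is missing")
    for uri in uris:
        if uri != EXPECTED_REDIRECT:
            findings.append(f"redirect: unexpected extra URI {uri}")
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    if "upn" not in {c.get("name") for c in id_claims}:
        findings.append("claims: upn optional claim not on the ID token")
    implicit = web.get("implicitGrantSettings") or {}
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if implicit.get(flag):
            findings.append(f"implicit: {flag} is on (optional in the guide)")
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("secret: no client secret present")
    for cred in secrets:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        label = cred.get("displayName") or "(unnamed)"
        if end <= now:
            findings.append(f"secret: {label} expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"secret: {label} expires within {warn_days} days")
    return findings

if __name__ == "__main__":
    for line in audit_registration(SAMPLE_APP, datetime(2025, 6, 15, tzinfo=timezone.utc)):
        print(line)
```

Running it on a schedule against an export of the registration surfaces an expiring client secret before SSO logins start failing.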

Other available SSO providers include Google, JumpCloud, Okta, and OneLogin. You can set them up in the Control Panel by following these guides:

In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.