Microsoft Entra ID (formerly Azure AD)

To set up your Union instance to use Microsoft Entra ID as the identity provider, follow the directions below.

Microsoft documentation

This article covers the same steps as Microsoft's documentation, Quickstart: Register an application with the Microsoft identity platform, with additional directions specific to Union.

Register an Entra ID application

  1. Log in to your Azure account as a cloud application administrator or higher permission level.

  2. In the identity drop-down on the top right of the page (indicated by the email you are currently logged in as), select Switch directory, then select the directory in which you want to register this application.

  3. Browse to Identity > Applications > App registrations and select New registration.

  4. Under Name, enter an appropriate display name. For example, Union Production.

  5. Under Supported account types, select Accounts in this organizational directory only.

  6. Under Redirect URI (optional), select Web and enter the following URI:

    https://signin.hosted.unionai.cloud/oauth2/v1/authorize/callback

  7. Click Register.

Make the app visible to users

New app registrations are hidden from users by default. You must enable the app when you are ready for users to see it on their My Apps page. To enable the app, in the Microsoft Entra admin center, navigate to Identity > Applications > Enterprise applications and select the app. Then, on the Properties page, toggle Visible to users? to Yes.

Copy the values needed by the Union team

When registration finishes, the Microsoft Entra admin center will display the app registration’s Overview page, from which you can copy the Application (client) ID, Directory (tenant) ID, and client secret needed by the Union team.

Application (client) ID and directory (tenant) ID

Copy the Application (client) ID and Directory (tenant) ID from the overview page to a text file on your computer.

Client secret

To get the client secret, on the overview page, go to Client credentials and click Add a certificate or secret.

On the subsequent page, under Client secrets, click New client secret to generate a new secret. Copy the Value of this secret to a plain text file on your computer.

Share the client secret securely with Union

  1. Copy the public key provided by Union here: public-key.txt

  2. Go to https://pgptool.org.

  3. Click the Encrypt tab.

  4. Upload the public key provided by Union under Receiver’s public key.

  5. Skip the Signer’s Private Key section.

  6. Enter the client secret in plain text and encrypt it.

  7. Download the encrypted text and share it with the Union team over Slack.

  8. Delete the client secret from the text file on your computer.
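A check to run on the downloaded text before sharing it in step 7, as an added example that is not part of Union's documentation: it confirms that the text is an intact OpenPGP armored message whose first packet is a public-key encrypted session key, and that the plaintext secret does not appear in it. The function names and sample values are assumptions made for illustration, and the check does not verify which key the message was encrypted to.

```python
import base64
import re

def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, used for the armor checksum line."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Wrap bytes in PGP MESSAGE armor; only used to build the constructed samples."""
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    body = base64.b64encode(data).decode()
    return f"-----BEGIN PGP MESSAGE-----\n\n{body}\n={check}\n-----END PGP MESSAGE-----\n"

def check_before_sharing(text: str, client_secret: str) -> list:
    """Return the problems found; an empty list means the text is safe to paste."""
    problems = []
    if client_secret and client_secret in text:
        problems.append("plaintext client secret present")
    m = re.search(r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)-----END PGP MESSAGE-----", text, re.S)
    if not m:
        return problems + ["no PGP MESSAGE armor block"]
    lines = [ln.strip() for ln in m.group(1).splitlines()]
    if "" in lines:  # armor headers (Version:, Comment:) end at the first blank line
        lines = lines[lines.index("") + 1:]
    try:
        data = base64.b64decode("".join(l for l in lines if not l.startswith("=")), validate=True)
        sums = [base64.b64decode(l[1:], validate=True) for l in lines if l.startswith("=")]
    except ValueError:
        return problems + ["armor body is not valid base64"]
    if sums and int.from_bytes(sums[0], "big") != crc24(data):
        problems.append("armor checksum mismatch: text truncated or altered")
    if not data or not data[0] & 0x80:
        return problems + ["armor body is not an OpenPGP packet stream"]
    # New-format headers keep the tag in bits 5-0, old-format headers in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] & 0x3C) >> 2
    if tag != 1:  # 1 = Public-Key Encrypted Session Key packet
        problems.append(f"first packet tag is {tag}, expected 1 (encrypted to a public key)")
    return problems

# Constructed samples: placeholder packet bytes, not real ciphertext or a real secret.
SECRET = "constructed-secret-value"
ENCRYPTED = armor(bytes([0xC1, 3, 1, 2, 3, 4]))  # tag 1, as public-key encryption emits
LITERAL = armor(bytes([0xCB, 3, 1, 2, 3, 4]))    # tag 11, unencrypted literal data
if __name__ == "__main__":
    for name, text in [("encrypted", ENCRYPTED), ("literal", LITERAL), ("plaintext", SECRET)]:
        print(name, check_before_sharing(text, SECRET) or "ok")
```

An empty result only says the text has the shape of a public-key encrypted message; the Union team's successful decryption remains the real confirmation.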

Share the IDs with Union

Share the application (client) ID and directory (tenant) ID with the Union team over Slack. These values do not have to be encrypted.