hydden.docs

Creating an EntraID OpenID Provider

The following steps outline the configuration for adding an EntraID authentication provider.

  1. On the OpenID Provider page, click + Add Provider.

  2. From the Provider drop-down, select either the Azure Single Tenant or Azure Multi Tenant option.
  3. Enter a Name. This is a required field and it can be used as the sign-in URL for your tenant.

    To set the name of the configured authentication provider to the sign-in URL, set the Sign-in Page URL switch. It allows for a sign-in page with one or more authentication providers specific to your organization only.

    • Generic sign-in URL: https://portal.hydden.com/signin/
    • Customized sign-in URL for your tenant: https://portal.hydden.com/signin/<your sign-in page identifier>
  4. In the Client ID field, enter the identifier of your authentication provider app.
  5. In the Client Secret field, enter the server address for your authentication provider app.
  6. In the Issuer field, enter the authentication issuer. This field can take the URL of the authentication provider.
    • The single tenant setup only requires the basic issuer information, as in https://login.microsoftonline.com/{tenant}/v2.0.
    • The Multi Tenant setup requires an organizations-based issuer, as in https://login.microsoftonline.com/organizations/v2.0.
  7. In the Issuer URL field, enter the URL of the authentication provider. For a single tenant setup this field is optional if the URL has been provided in the required Issuer field. For multi tenant it needs to be filled in, as in https://login.microsoftonline.com/{tenant}/v2.0.
  8. From the Auth Style drop-down, keep the selection as Auto Detect.
  9. From the Switch Prompt drop-down, select either login or select_account.
  10. Use the Order field to specify the order in which the authentication provider should appear on the sign-in page, if more than one provider is configured. This is an optional field. If it is not set and more than one authentication provider is configured, the providers are displayed in alphabetical order.
  11. In the Redirect URL field, provide a redirect URL for the user navigation following the authentication process. This is an optional field. By default, the user is placed into your default tenant address, which can be a different destination in multi-tenant setups.

  12. Click Add.
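
A pre-flight check of the Provider, Name, Issuer, Issuer URL and Switch Prompt values before they are entered in the form. This is an added example, not part of the Hydden product or its documentation; the dictionary keys, function names and the sample tenant GUID are assumptions made for illustration.

```python
from urllib.parse import urlparse

ENTRA_HOST = "login.microsoftonline.com"
PROMPTS = {"login", "select_account"}


def tenant_segment(url):
    """Return <segment> from https://login.microsoftonline.com/<segment>/v2.0, else None."""
    u = urlparse(url or "")
    parts = [p for p in u.path.split("/") if p]
    if u.scheme != "https" or u.hostname != ENTRA_HOST:
        return None
    if len(parts) != 2 or parts[1] != "v2.0":
        return None
    return parts[0]


def check_provider(cfg):
    """Return a list of problems in the values planned for the Add Provider form."""
    problems = []
    multi = cfg.get("provider") == "Azure Multi Tenant"
    if not cfg.get("name"):
        problems.append("name: required")
    seg = tenant_segment(cfg.get("issuer"))
    if seg is None:
        problems.append("issuer: required, https://login.microsoftonline.com/<segment>/v2.0")
    elif multi and seg != "organizations":
        problems.append("issuer: multi tenant needs the organizations issuer")
    elif not multi and (seg == "organizations" or "{" in seg):
        problems.append("issuer: single tenant needs your own tenant in place of {tenant}")
    url_seg = tenant_segment(cfg.get("issuer_url"))
    if multi and not cfg.get("issuer_url"):
        problems.append("issuer_url: required for multi tenant")
    elif cfg.get("issuer_url") and (url_seg is None or "{" in url_seg):
        problems.append("issuer_url: malformed or {tenant} placeholder left in")
    if cfg.get("prompt") not in PROMPTS:
        problems.append("prompt: must be login or select_account")
    return problems


# Constructed sample values (hypothetical keys); the tenant GUID is made up.
SAMPLE_MULTI = {
    "provider": "Azure Multi Tenant", "name": "acme",
    "issuer": "https://login.microsoftonline.com/organizations/v2.0",
    "issuer_url": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    "prompt": "select_account",
}

if __name__ == "__main__":
    print(check_provider(SAMPLE_MULTI) or "ok")
```

An empty list means the values are consistent with the single tenant and multi tenant rules in the steps above; a copied `{tenant}` placeholder or a non-HTTPS issuer is reported before it reaches the provider configuration.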