SSO with Microsoft Azure Entra ID (Azure AD)
Setting up OpsVerse ONE SSO (Single Sign-On) with Azure Entra ID, formerly known as Azure Active Directory (Azure AD), involves several steps. Below is a comprehensive guide to configuring SSO with Entra ID.
Creating groups is essential for role-based access control (RBAC) for the users in the organization.
Navigate to Microsoft Entra ID > Groups in Azure. Click on the + New group button to add a new group. Select Security as the group type and name the group Admin or Viewer depending on the target user group. Select Assigned as the membership type.
Assign owners for the group.
Add all the relevant users/members for the group. For instance, all the admin users should be added to Admin group. Similarly, add the relevant users for the other groups.
The recommended groups are:
1. Admin - A group that has all the users who will have admin privileges in OpsVerse ONE
2. Viewer - A group that has all the users who will have only viewer privileges in OpsVerse ONE
NOTE: Please copy the Group IDs for all the created groups. These IDs should be sent to the OpsVerse POC.
Currently, all users will have Admin access.
Step 1: Navigate to Microsoft Entra ID > App registrations in Azure. Click on + New registration button to add a new app.
Step 2: Enter a name for the application. Fill out the name as per the internal organization semantics.
Specify who can use the application (for instance, Accounts in this organizational directory only (<org_name> only - Single tenant) would be a good starting point).
Enter the Redirect URL (optional) as follows (replacing <opsverse_one_url> with your OpsVerse ONE URL), then click on Add.
- Platform: Web
- Redirect URL: https://<opsverse_one_url>/api/auth/microsoft/handler/frame
Step 3: When registration finishes, the Azure portal displays the app registration's overview page with the app details (applicationId/clientId, objectId, tenantId, etc.).
Step 4: Configure additional platform settings. In the Azure portal, navigate to Microsoft Entra ID > App registrations, search for the newly created app and select your application.
Step 5: Under Manage, select Authentication. Under Platform configurations, select Add a platform.
Under Configure platforms, select the Web tile. Use the values below for Redirect URIs.
- https://your-backstage.com/api/auth/microsoft/handler/frame
- http://localhost:7007/api/auth/microsoft/handler/frame
Setting the Advanced settings > Allow public client flows > Enable the following mobile and desktop flows flag to true enables the Save button.
Step 6: Create a client secret credential for the Entra ID app registration. Navigate to Microsoft Entra ID > App registrations > Certificates & secrets. Under Client secrets, click the + New client secret button. Enter a name for the secret (e.g. One-SSO) and create it.
Make sure to copy and save the generated value. This is the client_secret value.
Step 7: Set up permissions for the Entra ID application. Navigate to Microsoft Entra ID > App registrations > API permissions. Click on + Add permission.
Find the following permissions (under Microsoft Graph > Delegated permissions) and grant them to the created application:
- User.Read
- email
- offline_access
- openid
- profile
Your company may require you to grant admin consent for these permissions. Even if your company doesn't require admin consent, you may wish to do so, as it means users don't need to individually consent the first time they access Backstage. To grant admin consent, a directory admin will need to come to this page and click on the Grant admin consent for <COMPANY_NAME> button.
Navigate to the Token configuration menu and choose + Add groups claim.
Step 8: Create Entra ID roles for OpsVerse ONE. Navigate to Microsoft Entra ID > App registrations in Azure. Search for the newly created application.
Navigate to <Newly Created App Name> > App roles and click on + Create app role.
Two roles can be created and mapped to the two groups created earlier.
The recommended roles are Admin and Viewer.
Allowed member types should be Users/Groups, and Value should be Admin and Viewer respectively.
Step 9: Go to the created application (Microsoft Entra ID > Enterprise applications) and navigate to the Users and groups section.
Add all the created groups.
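As an added example (not part of this guide or the OpsVerse ONE product), the Python below shows how a relying party would read the groups claim enabled in Step 7 and the app roles from Step 8 out of an Entra ID token and map them to the Admin and Viewer roles, rejecting tokens issued for another tenant or another app registration; the tenant ID, client ID and group IDs are constructed placeholders.

```python
import base64
import json
from typing import Optional

# Constructed placeholder IDs (replace with the values noted in Step 3 and the group IDs sent to the POC).
EXPECTED_TENANT_ID = "00000000-0000-0000-0000-000000000001"
EXPECTED_CLIENT_ID = "00000000-0000-0000-0000-000000000002"
# Entra group object IDs -> OpsVerse ONE role (the Admin and Viewer groups created above).
GROUP_ROLE_MAP = {
    "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa": "Admin",
    "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb": "Viewer",
}
ROLE_RANK = {"Admin": 2, "Viewer": 1}  # higher wins when a user is in both groups


def decode_claims(token: str) -> dict:
    """Decode a JWT's payload segment WITHOUT verifying it. This is only for inspecting
    what Entra ID issues; a relying party must verify the signature against the tenant's
    JWKS (and check exp) before trusting any claim."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def resolve_role(claims: dict) -> Optional[str]:
    """Map token claims to an OpsVerse ONE role, or None when no mapped group/role applies."""
    # Reject tokens minted for another tenant or another app registration.
    if claims.get("tid") != EXPECTED_TENANT_ID or claims.get("aud") != EXPECTED_CLIENT_ID:
        return None
    # App roles (Step 8) arrive in 'roles'; the groups claim enabled in Step 7 arrives in 'groups'.
    candidates = [r for r in claims.get("roles", []) if r in ROLE_RANK]
    candidates += [GROUP_ROLE_MAP[g] for g in claims.get("groups", []) if g in GROUP_ROLE_MAP]
    if not candidates:
        return None  # not in Admin or Viewer: no role rather than a silent default
    return max(candidates, key=ROLE_RANK.__getitem__)


def make_unsigned_token(claims: dict) -> str:
    """Build a JWT-shaped string with an empty signature (constructed test data only)."""
    def seg(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."


if __name__ == "__main__":
    sample = make_unsigned_token({"tid": EXPECTED_TENANT_ID, "aud": EXPECTED_CLIENT_ID,
                                  "groups": ["bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"]})
    print(resolve_role(decode_claims(sample)))  # Viewer
```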
Your Entra App is ready to be integrated with OpsVerse ONE!
Please send the following details to the OpsVerse POC:
- Client ID
- Client Secret
- Tenant ID
- Group names and IDs for Admin and Viewer