# Microsoft Entra ID (formerly Azure AD)

## Introduction <a href="#introduction" id="introduction"></a>

Microsoft Entra ID (formerly Azure AD) provides secure identity management and single sign-on for applications that you add to your Azure Active Directory. From Azure AD, you can provision the users who should have access to Paradime: any user added to your Microsoft Entra application will be able to register for and log in to Paradime.

## Creating an application <a href="#creating-an-application" id="creating-an-application"></a>

Log into the [Azure portal](https://portal.azure.com/#home), open the Azure Active Directory page, and choose the directory where you want to register the new application.

1. On the left panel under **Manage**, select **App registrations**
2. On the top of your screen click on the **+ New registration** button

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FJCkBdZxKam7lXS0D2OBc%2Fazure_ad_register_app.png?alt=media&#x26;token=b8637612-c2c4-4fd2-9aea-ee883917820d" alt=""><figcaption><p><em>Azure AD register app</em></p></figcaption></figure></div>

3. In the **Name** field, enter `Paradime`
4. Under **Supported account types**, select `Accounts in this organizational directory only (single tenant)`
5. From the dropdown, select the `Web` option, enter the **Redirect URI** based on your region and click on the `Register` button.

<table><thead><tr><th width="209.93359375">Region</th><th>Redirect URI</th></tr></thead><tbody><tr><td>EU 🇪🇺</td><td> <code>https://account.paradime.io/login/callback</code></td></tr><tr><td>US 🇺🇸</td><td><code>https://account.us.paradime.io/login/callback</code> </td></tr></tbody></table>

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FlXJ9FZP1yMScRKsXEEDI%2Fazure_ad_add_app_details.png?alt=media&#x26;token=e0d806f9-ebe9-4158-8022-85e4b6e321bc" alt=""><figcaption><p><em>Azure AD register app</em></p></figcaption></figure></div>

### Configuring permissions <a href="#configuring-permissions" id="configuring-permissions"></a>

6. On the left panel under **Manage**, select **API permissions**
7. Click on **+ Add permissions**

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2Fvf23aHVEmZwI7iWTcBKs%2Fazure_ad_api_permissions.png?alt=media&#x26;token=09ef5af7-4506-4904-b7b2-ceae8e6a3142" alt=""><figcaption><p><em>Azure AD API permissions</em></p></figcaption></figure></div>

8. Choose **Microsoft Graph** and select **Delegated permissions**
9. Select the permission as per the table below and click **Add permission**

| **API Name**    | **Type**  | **Permission**               |
| --------------- | --------- | ---------------------------- |
| Microsoft Graph | Delegated | `User.Read`                  |
| Microsoft Graph | Delegated | `Directory.Read.All`         |
| Microsoft Graph | Delegated | `Directory.AccessAsUser.All` |

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FUppSI8978NQN0zLRAhnU%2Fazure_ad_add_api_permissions.png?alt=media&#x26;token=76e446ff-fd00-4207-8f87-faf8a8bbeed6" alt=""><figcaption><p><em>Azure AD API permissions</em></p></figcaption></figure></div>

10. Now click on **Grant admin consent** to finish configuring the required permissions. You should see a ✅ in the `Status` column for the 3 permissions just granted

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FK9luYWw4uNEdX5iJvOKS%2Fazure_ad_grant_permissions.png?alt=media&#x26;token=f0935c1a-5f0d-4cfd-91fb-b4229bed037a" alt=""><figcaption><p>Azure AD grant permissions</p></figcaption></figure></div>

### Adding Users to an Enterprise Application <a href="#adding-users-to-an-enterprise-application" id="adding-users-to-an-enterprise-application"></a>

Now that you have registered the application and granted the appropriate API permissions, assign the users who should be able to register for and log in to Paradime.

11. Navigate back to the Azure Active Directory where you created the new application and, from the left panel, select **Enterprise Applications**
12. From the list, select the application you just created
13. In the left panel now select **Users and groups**
14. Click on **+ Add user/group** and assign the users or groups that should be able to register for and log in to Paradime

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FgGwByfb3fS9BYZH6km4b%2Fazure_ad_add_users.png?alt=media&#x26;token=8ec4d959-006d-4576-8451-81251e23d4a3" alt=""><figcaption><p><em>Azure AD add users</em></p></figcaption></figure></div>

## Get ClientID, Client Secret and primary domain <a href="#get-clientid-client-secret-and-primary-domain" id="get-clientid-client-secret-and-primary-domain"></a>

Now that the app is configured with the required API permissions and users have been added to the Paradime enterprise application, we need to generate a Client Secret and collect the Client ID and Azure AD primary domain.

### Find the Azure AD primary domain <a href="#find-the-azure-a-d-primary-domain" id="find-the-azure-a-d-primary-domain"></a>

15. To find the Azure AD domain, navigate to your Azure Directory home screen. The Primary domain is shown in the `Basic information` section

<figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FODKbi4m5hiUrlL57F7jl%2Fazure_ad_primary_domain.png?alt=media&#x26;token=e925217a-4c4a-4f9d-88be-c29265ed0876" alt=""><figcaption><p><em>Azure AD primary domain</em></p></figcaption></figure>

### Get your Client ID <a href="#get-your-client-id" id="get-your-client-id"></a>

16. To find your Client ID, on the left panel under **Manage**, select **App registrations**
17. Select the application you created in the previous steps and, on the `Overview` page, copy the **Application (client) ID**

<figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FJs00mlsC0e5vGWSzNqjj%2Fazure_ad_client_id.png?alt=media&#x26;token=42d5c120-ff3f-49c7-b7d6-09f3ff449ff8" alt=""><figcaption><p><em>Azure AD Client ID</em></p></figcaption></figure>

### Generate a Client Secret <a href="#generate-a-client-secret" id="generate-a-client-secret"></a>

18. Under **Manage**, click **Certificates & secrets**
19. Click **+ New client secret**

<figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2Fow6rRn3ZBmZJIZWjLvLG%2Fazure_ad_client_secret.png?alt=media&#x26;token=61a00e2a-6f21-42dd-b342-3e91d22792d3" alt=""><figcaption><p><em>Azure AD Client Secret</em></p></figcaption></figure>

20. Name the client secret "paradime" (or similar) to identify the secret
21. Select 730 days (24 months) as the expiration value for this secret (recommended)

<figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FCXtreHgjDgESUH4F2HC4%2Fazure_ad_client_secret_create.png?alt=media&#x26;token=dda1698e-b77d-4b3f-8e6a-9d5d58949217" alt=""><figcaption><p><em>Azure AD Client Secret</em></p></figcaption></figure>

22. Click Add to finish creating the client secret value (not the client secret ID)
23. Record the generated **client secret value** somewhere safe. Later in the setup process, we'll use this client secret in Paradime to finish configuring the integration.

<div data-with-frame="true"><figure><img src="https://2337193041-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHET0AD04uHMgdeLAjptq%2Fuploads%2FkpjUPJvlqlpvwwI0Sp7i%2FScreenshot%202026-01-12%20at%2011.55.06.png?alt=media&#x26;token=1df3e3a1-870c-4279-8453-3e8feaa42d13" alt=""><figcaption></figcaption></figure></div>
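A check of the finished registration against the values used in the steps above, added here as an example; it is not part of Paradime's documentation or tooling. It assumes the application object and the delegated grant are available as JSON in Microsoft Graph's `application` and `oAuth2PermissionGrant` shapes (for example the output of `az ad app show`); the sample objects and the 30-day warning window are constructed.

```python
from datetime import datetime, timedelta, timezone

# Expected values come from the steps on this page.
ALLOWED_REDIRECTS = {
    "https://account.paradime.io/login/callback",     # EU
    "https://account.us.paradime.io/login/callback",  # US
}
EXPECTED_SCOPES = {"User.Read", "Directory.Read.All", "Directory.AccessAsUser.All"}
MAX_LIFETIME = timedelta(days=730)

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))  # Graph UTC "Z" form

def audit(app, grant, now, warn_days=30):
    """Return findings; an empty list means the registration matches the guide."""
    out = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        out.append("signInAudience is not single tenant")
    uris = set(app.get("web", {}).get("redirectUris", []))
    out += [f"unexpected redirect URI: {u}" for u in sorted(uris - ALLOWED_REDIRECTS)]
    if not uris & ALLOWED_REDIRECTS:
        out.append("no Paradime redirect URI registered")
    scopes = set(grant.get("scope", "").split())
    out += [f"extra delegated scope: {s}" for s in sorted(scopes - EXPECTED_SCOPES)]
    out += [f"missing delegated scope: {s}" for s in sorted(EXPECTED_SCOPES - scopes)]
    for cred in app.get("passwordCredentials", []):
        name = cred.get("displayName") or cred.get("keyId")
        start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
        if end - start > MAX_LIFETIME:
            out.append(f"secret {name}: lifetime exceeds 730 days")
        if end <= now:
            out.append(f"secret {name}: expired")
        elif end - now <= timedelta(days=warn_days):
            out.append(f"secret {name}: expires within {warn_days} days")
    return out

# Constructed sample objects (not real tenant data).
SAMPLE_APP = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": ["https://account.paradime.io/login/callback",
                             "http://localhost:8080/callback"]},
    "passwordCredentials": [{"displayName": "paradime",
                             "startDateTime": "2024-01-12T11:55:06Z",
                             "endDateTime": "2026-01-11T11:55:06Z"}],
}
SAMPLE_GRANT = {"scope": "User.Read Directory.Read.All Mail.Read"}
NOW = datetime(2025, 12, 20, tzinfo=timezone.utc)
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_APP, SAMPLE_GRANT, NOW)))
```

Running the same check on a schedule catches the secret's expiry before SSO logins start failing.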

## Configuring Paradime to enable Azure AD SSO <a href="#configuring-paradime-to-enable-azure-a-d-sso" id="configuring-paradime-to-enable-azure-a-d-sso"></a>

Contact the Paradime Support team at <support@paradime.io> and share the following information:

* **Your Microsoft Azure AD Domain**
* **Client ID**
* **Client Secret**

Paradime Support will process your request. After receiving a confirmation email, you can start logging into Paradime, and only users in your Azure AD will be able to log in to your Paradime account using SSO.

{% hint style="success" %}
If you already have an existing Social login setup, then when you use the Azure AD SSO option, Paradime will automatically link your accounts and you can use Azure AD SSO for all future logins.
{% endhint %}
