Microsoft Entra ID
Determine App Domain
In the documentation, <app_domain> signifies the domain you should utilize, corresponding to the Coalesce region you're operating in. The examples provided, such as
app.coalescesoftware.io
,app.eu.coalescesoftware.io
, orapp.australia-southeast1.gcp.coalescesoftware.io
, are illustrative and not comprehensive. There may be additional domain variations to accommodate various regional deployments.To ensure you're using the correct domain, always check the URL in the address bar once you're logged into the Coalesce application for your specific region's domain.
Configure Microsoft Entra ID
To use Microsoft Entra ID as your Single Sign-On provider, you'll want to create a new App Registration in Azure.
- Go to the Overview panel in Azure Active Directory
- Click the + Add dropdown
- Select App Registration
- On the registration page for this newly created integration, enter the following
- Name - this is typically going to be
Coalesce
but any friendly name works - Supported Account Types - choose which Account types to support, see the following screenshot
Supported Account Types
Personal Microsoft accounts only is not a supported option for Coalesce Azure SSO.
- Make sure you choose Single Page Application (SPA).
- Redirect URI - The redirect URI should be formatted as follows -
https://mySubdomain.<app_domain>/login/callback
. To request your subdomain on Coalesce, reach out to our support team.
- Click Register to create the integration. You'll now be at a window with all your App Registration settings. Keep this browser tab open as you'll need to enter some information from it into Coalesce.
- Open a new browser tab/window
- Sign in to your Coalesce application using username and password
- Go to Single-Sign on settings via User Menu > Org Settings > Single Sign-On.
- Fill out the fields using the following table:
Microsoft Permissions Requested
When selecting Use Single-Sign On with Microsoft Entra ID, the user may be prompted to grant Coalesce permission to:
- Sign you in and read your profile
- Maintain access to data you have given it access to
- Microsoft Graph:
- profile
- User.Read
These permissions can be pre-approved for future users by an admin in Microsoft Entra ID. They can go to Manage >App Registrations> Your App Registration > API Permissions. From there they select Add a permission > Microsoft Graph > Delegated Permissions and then select the desired permissions to pre-approve for the non-admin users.
Field | Description |
---|---|
Authority | The system being used for Single Sign On, choose Azure. |
Subdomain | This will be the same as mySubdomain chosen earlier in Step 4 (not the whole URI). To request your subdomain on Coalesce, reach out to our support team. |
Authorization Server | Single tenant integrations - https://login.microsoftonline.com/[tenantID]/ For multi-tenant and multi+personal integrations - https://login.microsoftonline.com/common/ |
OIDC clientID | Refer to the Application (client) ID in the "Essentials" section on the overview page for your App Registration. |
- Once you've filled out the SSO settings in Coalesce, click Save
- Log out of Coalesce
- Go to your subdomain -
https://mySubdomain.<app_domain>
- and click on the Use Single Sign-On button to log in using SSO.
Updated about 1 month ago