
Microsoft Entra ID

Get your Subdomain

You'll need your subdomain to complete setup; it's used as part of the redirect URI.

Your subdomain is the subdomain of your Coalesce instance. For example, if you log in at https://testapp.app.coalescesoftware.io/, your subdomain is testapp. You can also check your subdomain by going to your organization's single sign-on settings.

If the Subdomain box in your settings is blank, you need to create a subdomain for your organization.

Configure Microsoft Entra ID

To use Microsoft Entra ID as your Single Sign-On provider, you'll want to create a new App Registration in Azure.

  1. Go to the Overview panel in Azure Active Directory

  2. Click the +Add dropdown

  3. Select App Registration

    Azure Active Directory home page
  4. On the registration page for this newly created integration, enter the following:

    1. Name - this is typically going to be Coalesce but any friendly name works
    2. Supported Account Types - choose which Account types to support, see the following screenshot.
    3. Make sure you choose Single Page Application (SPA).
    4. Redirect URI - The redirect URI should be formatted as follows - https://mySubdomain.<app_domain>/login/callback.
      1. Create a subdomain if one hasn’t already been defined for your organization. We recommend choosing a name specific to your organization. If the Subdomain box in your Single Sign-On Settings is blank, you need to create a subdomain for your organization.
    Configuring an App Integration in Azure
    Supported Account Types

    Personal Microsoft accounts only is not a supported option for Coalesce Azure SSO.

  5. Click Register to create the integration. You'll now be at a window with all your App Registration settings. Keep this browser tab open as you'll need to enter some information from it into Coalesce.

    Example Azure App Registration Overview
  6. Open a new browser tab/window

  7. Sign in to your Coalesce application using username and password

  8. Go to Single Sign-On settings via User Menu > Org Settings > Single Sign-On.

  9. Fill out the fields using the following table:

    Microsoft Permissions Requested

    When selecting Use Single-Sign On with Microsoft Entra ID, you may be prompted to grant Coalesce permission to:

    • Sign you in and read your profile
    • Maintain access to data you have given it access to
    • Microsoft Graph:
      • email

      • profile

      • User.Read

    These permissions can be pre-approved for future users by an admin in Microsoft Entra ID.

    1. Go to Manage > App Registrations > Your App Registration > API Permissions.
    2. Then select Add a permission > Microsoft Graph > Delegated Permissions and then select the desired permissions to pre-approve for the non-admin users.
    | Field | Description |
    |---|---|
    | Authority | The system being used for Single Sign On, choose Azure. |
    | Subdomain | This will be the same as mySubdomain. Not the entire redirect URI. |
    | Authorization Server (single tenant integrations) | https://login.microsoftonline.com/[tenantID]/ |
    | Authorization Server (multi-tenant and multi+personal integrations) | https://login.microsoftonline.com/common/ |
    | OIDC clientID | Refer to the Application (client) ID in the "Essentials" section on the overview page for your App Registration. |
  10. Once you've filled out the SSO settings in Coalesce, click Save.

  11. Log out of Coalesce.

  12. Go to your subdomain - https://mySubdomain.<app_domain> - and click on the Use Single Sign-On button to log in using SSO.
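
The following pre-flight check is an added example, not code from Coalesce or Microsoft. It derives the redirect URI and the Coalesce field values from the account type chosen in step 4 and rejects the combinations this page rules out. The function names are hypothetical, the account types are written as the Entra signInAudience manifest values, [tenantID] is assumed to be the Directory (tenant) ID GUID, and the GUIDs shown are constructed placeholders.

```python
import re
import uuid

LOGIN_HOST = "https://login.microsoftonline.com"
# Entra signInAudience values that the table maps to the /common/ authority.
COMMON_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}
# One DNS label: letters, digits, hyphens; no dots, slashes or scheme.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def _guid(value, field):
    """Normalise a GUID string or raise ValueError naming the field."""
    try:
        return str(uuid.UUID(value))
    except (TypeError, ValueError, AttributeError):
        raise ValueError(f"{field} must be a GUID") from None


def build_sso_settings(subdomain, app_domain, audience, client_id, tenant_id=None):
    """Return the redirect URI for Azure and the field values for Coalesce."""
    if not LABEL.match(subdomain):
        raise ValueError("Subdomain must be the bare label, not the redirect URI")
    if audience == "PersonalMicrosoftAccount":
        raise ValueError("Personal Microsoft accounts only is not supported")
    if audience == "AzureADMyOrg":
        # Assumption: [tenantID] in the table is the Directory (tenant) ID GUID.
        authority = f"{LOGIN_HOST}/{_guid(tenant_id, 'tenant ID')}/"
    elif audience in COMMON_AUDIENCES:
        authority = f"{LOGIN_HOST}/common/"
    else:
        raise ValueError(f"Unknown account type: {audience!r}")
    return {
        "redirect_uri": f"https://{subdomain}.{app_domain}/login/callback",
        "Authority": "Azure",
        "Subdomain": subdomain,
        "Authorization Server": authority,
        "OIDC clientID": _guid(client_id, "OIDC clientID"),
    }


if __name__ == "__main__":
    # Constructed sample values; the GUIDs are placeholders, not real IDs.
    settings = build_sso_settings(
        "testapp", "app.coalescesoftware.io", "AzureADMyOrg",
        client_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        tenant_id="11111111-2222-3333-4444-555555555555",
    )
    for field, value in settings.items():
        print(f"{field}: {value}")
```

The single tenant authority limits sign-in to accounts in that one tenant, while /common/ accepts accounts from any tenant, so the Authorization Server value should match the account type selected on the App Registration.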