Set Up Microsoft Entra ID (Azure AD) Plugin
LoginRadius provides a Marketplace plugin to integrate Microsoft Entra ID with your LoginRadius Console application. Integrating LoginRadius with Microsoft Entra ID provides you with the following benefits:
- You can control in Microsoft Entra ID who has access to LoginRadius.
- You can enable your users to be automatically signed in to LoginRadius (Single Sign-On) with their Microsoft Entra ID accounts.
- You can manage your accounts in one central location - the Microsoft Azure portal.
Note: Microsoft has updated its naming convention and replaced the term “Azure Active Directory” with “Microsoft Entra ID.” For more information, please refer to the official Microsoft documentation.
This document provides step-by-step instructions for setting up Microsoft Entra ID as an identity provider for your LoginRadius Console application.
Note: You can find the LoginRadius plugin for Microsoft Entra ID in the marketplace here.
Prerequisites: To configure Microsoft Entra ID integration with LoginRadius, you need the following:
- A Microsoft Azure subscription. If you don't have a Microsoft Azure environment, you can get a free account.
- LoginRadius Enterprise Account.
Configuration Guide on Microsoft and LoginRadius
To let customers sign in to the LoginRadius Console via Microsoft Azure credentials, the following configurations are required:
- Configuring Microsoft Azure Enterprise Application
- Creating Users in Microsoft Azure
- Add the user to the LoginRadius Enterprise Application
- Adding a Team Member in LoginRadius
- Configuring Team SSO in LoginRadius
Configuring Microsoft Azure Enterprise Application
Follow the steps below to add the LoginRadius application to your Enterprise Applications:
- Navigate to the “Microsoft Entra ID” section and click on “Enterprise applications” from the left panel.
- Click on “Add Application” and search for the “LoginRadius” package.
- Give it a name as per business requirement and click on Create to create this enterprise application.
- The overview page of this application opens. You can also find this application in the Enterprise Applications section of Microsoft Entra ID.
- Click on “Set up single sign-on” in this application overview, and on the following screen, select “SAML” as the single sign-on method.
- Click on the “Edit” button from the “Basic SAML Configuration” section and add the following URLs in the settings:
  - Identifier (Entity ID): https://lr.hub.loginradius.com/
  - Reply URL (Assertion Consumer Service URL): https://lr.hub.loginradius.com/saml/serviceprovider/SpInitiatedACS.aspx
  - Sign-on URL: https://adminconsole.loginradius.com/login
- Under SAML Certificates, download the Certificate (Base64) – this will be used later in the LoginRadius configuration.
- Under Set up Custom IdP, copy the Login URL and Logout URL – these will also be used in the LoginRadius configuration.
- Feel free to make adjustments to other fields as needed to meet business requirements.
Creating Users in Microsoft Azure
You can create the users in the Microsoft Azure Portal. These users can be your organisation's employees. Users who are present here can also be added to LoginRadius and will be able to access the LoginRadius Console.
Follow the steps below to add the user to your Microsoft Azure portal:
- Navigate to the “Microsoft Entra ID” section and click on “Users” from the left panel.
- Click New User to create a user or ensure existing users are listed.
- The email address must match the one used for the team member in the LoginRadius Console.
Add the user to the LoginRadius Enterprise Application
After adding the user in Azure, you’ll also need to assign them to the LoginRadius enterprise application to enable Admin Console access.
Please follow these steps:
- Go to Enterprise Applications in Azure and select the LoginRadius application.
- In the left-hand menu, click on Users and Groups.
- Click Add user/group at the top.
- Select the user(s) you want to grant access to the Admin Console. The list will display all existing users you've added.
- Click Assign to complete the process.
Adding a Team Member in LoginRadius
This section explains how to add team members who are already present in the Microsoft Azure portal. Before users can log in via their Microsoft credentials, they must be added to the LoginRadius Console with the correct set of roles.
Follow the steps mentioned below to add users in the LoginRadius Console:
- In the LoginRadius Console, go to Team Members.
- Click Add Team Member and enter the required details.
- Make sure the email address matches the one configured in the Azure AD users section.
- Save the user.
Configuring Team SSO in LoginRadius
In the Team SSO section of the LoginRadius Console, you have two options for configuring SSO:
Configuring Team SSO Manually
Follow the steps below to set up Team SSO manually:
- Navigate to Team SSO in the Admin Console and click Add Team SSO.
- Update the following fields:
  - Login Flow: Service Provider Initiated Login
  - ID Provider Login URL: Paste the Login URL from Azure
  - ID Provider Logout URL: Paste the Logout URL from Azure
  - ID Provider Certificate: Paste the Base64 certificate including headers:
    -----BEGIN CERTIFICATE-----
    <certificate>
    -----END CERTIFICATE-----
  - Data Mapping (optional) – Use as per your requirements. Common mappings:
- Click Save to apply the settings.
- Feel free to make adjustments to other fields as needed to meet business requirements.
Configure Team SSO From Metadata
To configure Team SSO by uploading a metadata file, click Configure from Metadata file and upload the XML file that contains the metadata for the SSO setup. After a successful upload, click the Add button.
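Before uploading a metadata file, it helps to confirm that it carries the same Login URL, Logout URL and signing certificate that the manual setup asks for. The script below is an added example, not LoginRadius or Microsoft code; `team_sso_fields` is a hypothetical helper name, and the sample metadata, tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder tenant ID and placeholder bytes, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def team_sso_fields(metadata_xml: str) -> dict:
    """Return the values the manual Team SSO form asks for, taken from IdP metadata."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not identity provider metadata")
    login = idp.find("md:SingleSignOnService", NS).get("Location", "")
    logout = idp.find("md:SingleLogoutService", NS).get("Location", "")
    for url in (login, logout):
        if not url.startswith("https://"):
            raise ValueError(f"non-HTTPS endpoint in metadata: {url!r}")
    node = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    cert_b64 = "".join(node.text.split())
    der = base64.b64decode(cert_b64, validate=True)  # raises on corrupted Base64
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *textwrap.wrap(cert_b64, 64),
                     "-----END CERTIFICATE-----"])
    return {"login_url": login, "logout_url": logout, "certificate_pem": pem,
            "sha256_fingerprint": hashlib.sha256(der).hexdigest().upper()}

if __name__ == "__main__":
    for name, value in team_sso_fields(SAMPLE_METADATA).items():
        print(f"{name}: {value}")
```

If the printed values differ from the Login URL, Logout URL or Certificate (Base64) collected during the Azure configuration, the metadata file belongs to a different application or an older certificate.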
Single Sign On Flow
This section outlines the login flow for users accessing the LoginRadius Console through Microsoft Azure.
Here is the flow:
- Go to: https://accounts.loginradius.com/auth.aspx
- Select Federated SSO and enter your app name.
- A Microsoft login pop-up will appear. Enter your Azure credentials to sign in.