Microsoft Entra ID

Use Microsoft Entra ID as your Identity Provider.

Create New App Registration

  1. Authenticate to the Azure Portal via your Microsoft Identity.
  2. Head over to App Registrations.
  3. Click “New Registration”:
    • Enter “Atolio” for the name.
    • Ensure “Accounts in this organizational directory only” is selected from Supported account types.
    • Add a redirect URI https://search.example.com/auth/_callback.
    • Click “Register”.
  4. You should now be on the page of your new app registration. In the Essentials blade, locate the “Add a certificate or secret” link.
  5. Create a Client Secret for use with OIDC:
    • Select the “Client Secrets (0)” tab.
    • Click “New Client Secret”.
    • Enter “Atolio OIDC Authentication” for the description.
    • Set the desired expiry. Follow internal procedures for rotation.
    • Copy the newly created “Value” of the Client Secret and store it in a safe place (e.g. 1Password). This will be referenced later for OIDC configuration.
  6. Add a certificate for client authentication:
    • Obtain a .PFX file that contains both the certificate (public key) and its private key. If you’re using the SharePoint connector, the certificate key algorithm must be RSA, as this is currently the only supported algorithm. A private key password is optional, but recommended.
    • Export the public key to a .CER file.
    • Select the “Certificates (0)” tab.
    • Click “Upload certificate”.
    • Enter “Atolio Client Authentication” for the description.
    • Select the .CER file and select “Add”.
    • Encode the .PFX file contents as base64 and store the result in a safe place (e.g. 1Password). You can obtain the base64 encoding from the command line with cat my-cert.pfx | base64. This value will be referenced later for source configuration.
  7. Finally, revisit the app registration Overview and copy the Directory (tenant) ID as well as the Application (client) ID. These will be used later when configuring Active Directory.
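The certificate work in step 6 as an added shell example (not part of the original page or Atolio's tooling): it assumes openssl is installed, generates an RSA key and self-signed certificate, bundles them into a password-protected .PFX, exports the public .CER for the “Upload certificate” step, and produces a single-line base64 copy of the .PFX for the source configuration. The function names, file names and password are constructed for the example.

```shell
#!/bin/sh
# Hypothetical helper (not Atolio's own tooling): build the .PFX / .CER pair
# from step 6 with openssl and check the result before uploading.
set -eu

# make_client_cert <basename> <pfx-password> [subject-cn]
make_client_cert() {
  base="$1"; pfx_pass="$2"; cn="${3:-atolio-client-auth}"

  # RSA is required by the SharePoint connector; 2048-bit key, 2-year validity.
  openssl req -x509 -newkey rsa:2048 -sha256 -days 730 -nodes \
    -subj "/CN=$cn" -keyout "$base.key" -out "$base.crt" >/dev/null 2>&1

  # Bundle certificate + private key into a PFX (PKCS#12) protected by a password.
  openssl pkcs12 -export -inkey "$base.key" -in "$base.crt" \
    -out "$base.pfx" -passout "pass:$pfx_pass"

  # Public certificate only (DER-encoded .CER) for the Entra ID upload.
  openssl x509 -in "$base.crt" -outform DER -out "$base.cer"

  # Single-line base64 of the PFX; plain `base64` may wrap lines, so strip newlines.
  base64 < "$base.pfx" | tr -d '\n' > "$base.pfx.b64"

  # The bare private key now lives inside the PFX; remove the loose copy.
  rm -f "$base.key"
}

# verify_client_cert <basename> <pfx-password>
# Checks: the PFX opens with the password, the .CER matches the certificate
# inside the PFX, the key algorithm is RSA, and the base64 value round-trips.
verify_client_cert() {
  base="$1"; pfx_pass="$2"
  openssl pkcs12 -in "$base.pfx" -passin "pass:$pfx_pass" -nokeys -clcerts -nodes 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 > "$base.pfx.fp"
  openssl x509 -in "$base.cer" -inform DER -noout -fingerprint -sha256 > "$base.cer.fp"
  cmp -s "$base.pfx.fp" "$base.cer.fp" || return 1
  openssl x509 -in "$base.cer" -inform DER -noout -text \
    | grep -q 'Public Key Algorithm: rsaEncryption' || return 1
  [ "$(wc -l < "$base.pfx.b64" | tr -d ' ')" -eq 0 ] || return 1
  base64 -d "$base.pfx.b64" | cmp -s - "$base.pfx"
}
```

The contents of the .pfx.b64 file are what you store for the source configuration; the .cer file is what you upload in the “Certificates” tab.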

Note: If you are configuring the SharePoint connector later, this app registration will also require API Permissions. These can be found in Installing the Microsoft Connector (Entra ID & SharePoint).