# Azure Entra Integration

Connect Azure Entra ID (formerly Azure Active Directory) so your users can sign in to AccessIQ with their Microsoft credentials.

## Prerequisites

* An Azure account with permission to register applications in Entra ID
* An AccessIQ tenant with admin access

## Step 1: Register an Application in Azure

1. Sign in to the **Azure Portal** at [portal.azure.com](https://portal.azure.com).
2. Go to **Microsoft Entra ID > App registrations**.
3. Click **New registration** and enter the following values:

| Field                   | Value                                                                                    |
| ----------------------- | ---------------------------------------------------------------------------------------- |
| Name                    | `AccessIQ`                                                                               |
| Supported account types | Choose based on your needs (single tenant for internal, multi-tenant for external users) |
| Redirect URI (Web)      | `https://<your-tenant>.accessiq.app/api/auth/callback/azure`                             |

4. Click **Register**.

## Step 2: Create a Client Secret

1. In your new app registration, go to **Certificates & secrets**.
2. Click **New client secret**.
3. Add a description (e.g., `AccessIQ Integration`) and choose an expiry period.
4. Click **Add** and immediately copy the **Value** -- it will not be shown again.

## Step 3: Collect Your Azure Credentials

| Credential        | Where to find it                                      |
| ----------------- | ----------------------------------------------------- |
| **Client ID**     | App registration > Overview > Application (client) ID |
| **Client Secret** | The secret value you copied in Step 2                 |
| **Tenant ID**     | App registration > Overview > Directory (tenant) ID   |
| **Issuer URL**    | `https://login.microsoftonline.com/<tenant-id>/v2.0`  |

## Step 4: Configure API Permissions

1. Go to **API permissions** in your app registration.
2. Click **Add a permission > Microsoft Graph > Delegated permissions**.
3. Add the following permissions:
   * `openid`
   * `profile`
   * `email`
4. Click **Grant admin consent** if required by your organization.

## Step 5: Add Azure Entra as a Provider in AccessIQ

1. In AccessIQ, go to **Identity > Providers**.
2. Click **Add Provider** and select **Azure Entra ID**.
3. Enter the **Client ID**, **Client Secret**, and **Issuer URL**.
4. Click **Save**.

## Step 6: Test the Connection

1. Open your AccessIQ login page in a private browser window.
2. Click **Sign in with Microsoft**.
3. Authenticate with your Microsoft credentials and confirm you reach the AccessIQ dashboard.

## Troubleshooting

| Issue                      | Solution                                                                              |
| -------------------------- | ------------------------------------------------------------------------------------- |
| AADSTS50011 redirect error | Ensure the redirect URI in Azure matches AccessIQ exactly, including trailing slashes |
| Admin consent required     | Ask your Azure admin to grant consent for the app permissions                         |
| Client secret expired      | Create a new secret in Azure and update it in AccessIQ                                |
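A pre-flight check for the values collected in Steps 1 to 3, covering the mismatches listed above before you paste anything into AccessIQ. This is an added example, not AccessIQ or Microsoft code: the `preflight` function, its parameter names and the sample values are hypothetical, and `discovery` is assumed to be the parsed JSON from the standard OIDC discovery path `<issuer-url>/.well-known/openid-configuration`.

```python
import re

GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def preflight(client_id, client_secret, tenant_id, issuer_url,
              azure_redirect_uri, accessiq_tenant, discovery=None):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    # Client ID and Tenant ID are both GUIDs on the Overview page.
    # No stripping: stray whitespace from copy-paste is reported too.
    for name, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if not GUID.fullmatch(value):
            problems.append(f"{name} is not a GUID")
    # The Secret ID column is a GUID; the Value column (the real secret) is not.
    if GUID.fullmatch(client_secret):
        problems.append("Client Secret looks like the Secret ID, not the Value")
    # Issuer URL format from Step 3, with no trailing slash.
    expected_issuer = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if issuer_url != expected_issuer:
        problems.append(f"Issuer URL should be {expected_issuer}")
    # Redirect URI from Step 1; it must match exactly (AADSTS50011 otherwise).
    expected_redirect = f"https://{accessiq_tenant}.accessiq.app/api/auth/callback/azure"
    if azure_redirect_uri != expected_redirect:
        if azure_redirect_uri.rstrip("/") == expected_redirect:
            problems.append("Redirect URI has a trailing slash")
        else:
            problems.append(f"Redirect URI should be {expected_redirect}")
    # Optional: the discovery document's issuer must equal the Issuer URL.
    if discovery is not None and discovery.get("issuer") != issuer_url:
        problems.append("Discovery document issuer does not match Issuer URL")
    return problems

# Constructed sample values, not real identifiers or secrets.
SAMPLE = dict(
    client_id="11111111-2222-3333-4444-555555555555",
    client_secret="constructed-secret-value",
    tenant_id="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    issuer_url="https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/v2.0",
    azure_redirect_uri="https://acme.accessiq.app/api/auth/callback/azure",
    accessiq_tenant="acme",
)

if __name__ == "__main__":
    print(preflight(**SAMPLE) or "OK")
    # Two common mistakes: Secret ID pasted as the secret, trailing slash on the URI.
    bad = dict(SAMPLE, client_secret="99999999-8888-7777-6666-555555555555",
               azure_redirect_uri=SAMPLE["azure_redirect_uri"] + "/")
    print(preflight(**bad))
```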

