Set up single sign-on (SSO) using OIDC with Microsoft Entra ID

You can set up single sign-on (SSO) to MiiTel using OpenID Connect (OIDC) in Microsoft Entra ID (previously Azure Active Directory). If you want to disable password login, please see Disable password authentication.

  Permissions or subscriptions required

  • When using SSO, make sure the user name in the IdP is the same as the MiiTel login ID.

Register the app with Microsoft Entra ID

  1. Go to https://portal.azure.com/#home and sign in to your account.
  2. Click Show portal menu on the top left of the screen.
  3. Click Microsoft Entra ID > App registrations.
  4. Click + New registration.

  5. Set the following.

1 Name: Enter the name of the app.

2 Supported account types: Select Accounts in this organizational directory only.

3 Redirect URI:

  • Select a platform: Select Web.
  • URI field: Set as https://auth.account.miitel.jp/oauth2/idpresponse.
  6. Click Register.
  7. Copy the Directory (tenant) ID and Application (client) ID. (You will need both IDs later for this task, so paste them to a notepad.)

Create a client secret

  1. Click Certificates & secrets.

  2. Click + New client secret.
  3. After you enter the client secret's description and set the expiration date, click Add. (You will need this expiration date later for this task, so save it to a notepad.)
  4. Copy the client secret's Value. (You will need this Value later for this task, so save it to a notepad.)

  IMPORTANT

  •   When the client secret expires, SSO will no longer be available. If you see the expiration message on MiiTel Admin, please create a new client secret and contact us.

Set the API permissions

  1. Click API permissions.
  2. Click + Add a permission.
  3. Click Microsoft Graph > Delegated permissions.
  4. Click OpenID permissions and check email and openid.

  5. Click Add permissions.

Send a request to issue the ID

After you set all of the above, contact us with the following information.

  • Application (client) ID (You can check it from Azure Active Directory > App registrations.)
  • Client secret's Value
  • Directory (tenant) ID
  • Issuer value (Click App registrations > Endpoints tab, open the URL shown under OpenID Connect metadata document, and send us the URL displayed after "issuer". See the image below for an example.)

sso_azure10.png
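
A check you can run before sending the values, as an added example that is not part of the original article or of MiiTel's tooling: it parses the OpenID Connect metadata document and confirms that the "issuer" value names the same Directory (tenant) ID you are submitting. The function names, the placeholder tenant ID and the sample document are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse
from urllib.request import urlopen

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def fetch_metadata(url, timeout=10):
    """Download the OpenID Connect metadata document (needs network access)."""
    if urlparse(url).scheme != "https":
        raise ValueError("metadata URL must use https")
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def issuer_for_tenant(metadata_text, tenant_id):
    """Return the "issuer" value after checking it belongs to tenant_id."""
    if not GUID.match(tenant_id):
        raise ValueError("tenant_id is not a GUID")
    doc = json.loads(metadata_text)
    issuer = doc.get("issuer") if isinstance(doc, dict) else None
    if not isinstance(issuer, str):
        raise ValueError('metadata document has no "issuer" string')
    parsed = urlparse(issuer)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("issuer is not an https URL")
    segments = [s.lower() for s in parsed.path.split("/") if s]
    if tenant_id.lower() not in segments:
        # A multi-tenant endpoint returns a "{tenantid}" template here instead
        # of a real tenant, which does not identify your directory.
        raise ValueError("issuer does not name this tenant: " + issuer)
    return issuer


# Constructed sample: placeholder tenant ID, document trimmed to relevant keys.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = json.dumps({
    "issuer": "https://login.microsoftonline.com/" + SAMPLE_TENANT + "/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/"
                              + SAMPLE_TENANT + "/oauth2/v2.0/authorize",
})

if __name__ == "__main__":
    print(issuer_for_tenant(SAMPLE_METADATA, SAMPLE_TENANT))
```

To check your own tenant, pass the text returned by `fetch_metadata()` for the URL shown on the Endpoints tab, together with your Directory (tenant) ID.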

Add the redirect URI

After you receive an email from us about the issuance of your ID, add the redirect URI described in the email to the app.

  1. Go to https://portal.azure.com/#home and sign in to your account.
  2. Click Show portal menu on the top left of the screen.
  3. Click Azure Active Directory.
  4. Click the app you will use to set the SSO.
  5. Click Authentication.
  6. Click Add URI.

  7. Add the redirect URI described in the email.
  8. Click Save.

Log in using single sign-on

Finally, log in to MiiTel using single sign-on.

  1. Go to https://account.miitel.jp/v1/signin.
  2. Enter your login ID.

  3. Click Next.
  4. Click Sign in with Microsoft.
  5. Select your account.
  6. Select your Company ID from Choose company ID.
  7. Click Start MiiTel.

  NOTE

  •   It may take some time for the single sign-on to be set up. If you fail to log in to MiiTel, wait a couple of minutes and try logging in again.
