Overview
This guide will walk you through configuring OpenID Connect authentication with Azure Active Directory (Microsoft Entra ID) for Discngine Admin Center. Once completed, users will be able to log in using their Azure AD credentials.
Note: Azure AD is now called Microsoft Entra ID, but both names refer to the same service.
Prerequisites
Before configuring Azure AD OpenID Connect, ensure you have:
- Organization Administrator access to Discngine Admin Center
- Administrator access to the Azure Portal
- Permissions to create and configure Azure AD applications
Register a New Azure Active Directory Application
Step 1: Access Azure Portal
Log in to the Azure Portal and navigate to Azure Active Directory → App Registrations → New Registration.
Step 2: Configure Application
- Provide a name for your application (e.g., "Discngine Admin Center")
- Select the appropriate supported account types
- Set the Redirect URI to:
https://account.discngine.cloud/oauth2/callback - Click Register
Step 3: Note Application Details
Once the application is created, record the following values (you'll need them later):
- Application (client) ID - This will be your Client ID
- Directory (tenant) ID - This will be used to construct your Issuer URL
Create a Client Secret
Step 1: Generate Secret
Navigate to Azure Active Directory → App Registrations → Your Application → Certificates & secrets → New client secret.
Step 2: Save Secret Value
- Add a description for the secret (e.g., "Discngine Admin Center Secret")
- Choose an expiration period
- Click Add
- Important: Copy the secret VALUE immediately - you won't be able to see it again
Configure OpenID Connect in Discngine Admin Center
Step 1: Access Identity Providers
- Log in to Discngine Admin Center as an Organisation Administrator
- Navigate to Settings → Identity Providers
- Click Add Provider and select OpenID Connect
Step 2: Configure Provider Settings
Fill in the following fields:
Basic Settings:
- Name:
Azure ADorMicrosoft Entra ID - Client ID: Enter the Application (client) ID from Azure
- Client Authentication Method: Select
HTTP Basic authentication (client_secret_basic) - Client Secret: Enter the client secret VALUE you copied earlier
Discovery Settings:
-
Discover Endpoints: Enable this option
-
Issuer URL: Use one of the following formats:
- Azure AD v1:
https://login.microsoftonline.com/{tenantId} - Azure AD v2:
https://login.microsoftonline.com/{tenantId}/v2.0
Replace
{tenantId}with your Directory (tenant) ID - Azure AD v1:
Scopes:
- Scope:
openid email profile
Button Customization:
- Button Text:
Login with Azure AD(or customize as needed) - Button Icon: Optionally add a URL to an Azure AD icon
Step 3: Enable for Applications
- Scroll down to the Applications section
- Enable the identity provider for your desired applications
- Toggle Create Registration if you want to automatically register users
- Click Save
Testing the Configuration
Step 1: Access Login Page
Navigate to https://admin-<organization-name>.discngine.cloud/
Step 2: Test Login
- Enter your email address
- You should see the Login with Azure AD button
- Click the button
- You will be redirected to the Azure AD login page
- Enter your Azure AD credentials
- After successful authentication, you'll be redirected back to Discngine Admin Center
Troubleshooting
Common Issues
Redirect URI Mismatch
- Ensure the redirect URI in Azure AD exactly matches:
https://account.discngine.cloud/oauth2/callback
Invalid Client Secret
- Client secrets expire - check if yours has expired and generate a new one if needed
Tenant ID Issues
- Verify you're using the correct tenant ID from the Azure AD directory
- Check that you're using the correct Azure cloud URL (global, government, etc.)
User Email Not Available
- Ensure the
emailscope is included - Verify that users have email addresses in their Azure AD profiles