The name for the Microsoft Entra ID used to be Azure Active Directory or Azure AD. For more information, see here.

The Microsoft Entra ID login service can be used to connect the Microsoft Entra ID as an identity provider to formcycle. The Entra ID specific configuration options are described below. For general information on basic settings and creating login services, see Login Services.

Contents

Configuration

In order for the Microsoft Entra ID to be used as a login service in formcycle, formcycle must first be registered as an application in the Entra ID tenant via the Entra ID Admin Center. For more information on registering applications in Entra ID, see here.

Client ID

Unique ID of the configuration. After creating a new app registration (see points 1 and 2), it will be shown in the list of registrations (point 3).

Client secret

Secret key which is used to authenticate your client. After creating a new client key within the Entra ID Admin Center (see points 1 and 2), it is temporarily displayed (point 3). It is not possible to view it later, so it must be created again if it is lost.

Create a new client key within the Entra ID Admin Center.

Tenant-ID

Unique ID of the directory (tenant), which is used for querying the group information and the manager(s). You can find this in the overview of your Entra ID tenant (see point 2).

Get the tenant ID from Entra ID Admin Center.

Query full group information

Specifies whether to get the user's Entra ID user groups using Graph API after successful login. Both the direct and indirect (user groups that are members of user groups) user groups of Entra ID users are retrieved. This data is then available via user variables under rawData.memberOf. In addition, user filters can be created based on the user groups of Entra ID users.

Required API permissions

The app registered in the Entra ID Admin Center (see above) must be granted the delegated API permission GroupMember.Read.All. If this permission is not granted, the user groups cannot be read by Entra ID users.

Grant delegated API permission GroupMember.Read.All via Entra ID Admin Center to allow user groups of Entra ID users to be read after login.

Query manager

Specifies whether the user's supervisor(s) should be determined via Graph API after successful login. This data is then available via user variables under rawData.manager. In addition, user filters can be created based on the managers of Entra ID users.

Required API permissions

The app registered in the Entra ID Admin Center (see above) must be granted the delegated API permission User.Read.All. If this permission is not granted, the administrators cannot be read by Entra ID users.

Granting the delegated API permission User.Read.All via the Entra ID Admin Center, so that administrators of Entra ID users can be read after login.

Register callback URL

For a login to work via the created Entra ID login service, the callback URL displayed in formcycle must be stored in the app registration in the Entra ID Admin Center.

Entering the formcycle callback URL of the created Entra ID login service in the Entra ID Admin Center.