Embedded Files
Overview
Overview
This guide shows how to configure Single Sign-On (SSO) in UNCIA using OpenID Connect (OIDC) with:
Microsoft Entra ID (Azure AD)
Okta
SSO enables your users to log into UNCIA using your corporate identity provider through secure OIDC.
Prerequisites (Both Providers)
Prerequisites (Both Providers)
Before you begin:
✔ You must be an Organization Owner in UNCIA
✔ You need Admin rights in Microsoft Entra ID or Okta
✔ You must know your public callback URL:
https://<your_customer_url>/api/v1/identity/o/callback/
⚠ The callback URL must be registered exactly — including trailing slash — in your IdP.
SSO via Microsoft Entra ID (Azure AD)
SSO via Microsoft Entra ID (Azure AD)
Step 1 - Register UNCIA App in Azure AD
Step 1 - Register UNCIA App in Azure AD
In Azure Portal, go to Microsoft Entra ID → App registrations
Click New registration
Step 2 - Collect Application Info
Step 2 - Collect Application Info
From the app’s Overview, copy:
Application (client) ID
Directory (tenant) ID
Step 3 - Create Client Secret
Step 3 - Create Client Secret
Go to Certificates & secrets → Client secrets → New client secret
Copy the Value (not the key ID)
Step 4 — Configure Token Claims (Optional but Recommended)
Step 4 — Configure Token Claims (Optional but Recommended)
Go to Token configuration
Add:
email
name
preferred_username
This ensures UNCIA receives the expected identity fields.
Step 5 — Configure API Permissions
Step 5 — Configure API Permissions
Go to API permissions
Ensure:
Microsoft Graph
openid
profile
email
Grant Admin consent.
Page updated
Report abuse