SSO with Microsoft Entra ID

Register new application

1. Log into the Microsoft Entra Admin Center as administrator.

2. Navigate to Identity > Applications > App registrations and selecting New registration.

3. Enter the following app registration details:

• Name: Give it a descriptive name.

• Supported Account Types: Select Accounts in this organizational directory only.

• Redirect URI: Choose Web and add the Redirect URI provided by Teavaro.

• Click Register to finalize the application setup.

Configure authentication settings

1. Open your newly registered app and navigate to Authentication.

2. Verify platform configuration:

   • Confirm “Web” is selected.

   • Check the redirect URI matches precisely what Teavaro provided.

3. Enable ID tokens going into implicit grant and hybrid flows and enabling ID tokens to allow OIDC protocol authentication.

Create a client secret

1. Navigate to Certificates & Secrets and select Certificates & Secrets from the menu on the left.

2. Add a new client secret under Client Secrets; provide description like “Teavaro SSO” and expiration date.

3. Save the client secret and copy the client secret value before continuing, as it will only be shown once.

Retrieve the required information

1. Go to the Overview page of your registered app and copy the Application (client) ID.

2. Use the client secret value copied in the step above.

3. For the OIDC discovery URI use the following format: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration, replacing <tenant-id> with your Directory (tenant) ID found in the Overview tab.

Information we need from you

• Client ID: The public identifier for your app.

• Client Secret: A confidential value for app authentication.

• OIDC Discovery URI: https://login.microsoftonline.com/<tenant-id>/v2.0/.well-known/openid-configuration.