Setting up Maverics SSO with Entra ID

To configure Maverics SSO with Entra ID, you will need to follow Microsoft’s tutorial to register Maverics as an application. During registration in Entra ID, you will need to enter the Redirect URI from the Maverics setup process, as shown below.

Redirect URI

Note that this URI will not populate until SSO settings have been saved in Maverics.

Once you’ve registered the application, you must then configure it to return OpenID Connect (OIDC) claims for user, profile, and email by doing the following:

  1. After signing in to Entra ID, go to Azure Active Directory from the left navigation pane.
  2. Under “Manage”, choose “App registrations”. Click your existing application from the list.
  3. In your app registration, under “Manage”, select “Token configuration”.
  4. Click “Add optional claim”.
  5. Select Token Type and Claims:
    • Token type: Choose “ID”.
    • Claims: Select the following:
      • email
      • given_name
      • family_name
      • preferred_username (optional)
    • Click “Add” to save changes.
  6. Under “Manage”, select “API permissions”.
  7. Ensure User.Read under “Microsoft Graph” is listed.
  8. Add Missing Permissions (if needed):
    • If User.Read is not present:
      • Click “Add a permission”.
      • Select “Microsoft Graph”.
      • Choose “Delegated permissions”.
      • Find and select User.Read.
      • Click “Add permissions”.
  9. Grant Admin Consent (if required):
    • If the permission status is “Not granted”:
      • Click “Grant admin consent for [Your Organization]”.
      • Confirm by selecting “Yes”.
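
To confirm steps 3 through 8 took effect, the app registration's manifest can be checked offline. The script below is an added example, not code from Maverics or Microsoft; it assumes the manifest JSON was copied from the "Manifest" view of the app registration, and the sample manifest embedded in it is constructed. The two GUIDs are the well-known Microsoft Graph application ID and the ID of its delegated User.Read scope.

```python
import json

# Well-known Microsoft Graph identifiers, identical in every tenant.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
USER_READ_SCOPE_ID = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"  # delegated User.Read

REQUIRED_ID_CLAIMS = {"email", "given_name", "family_name"}
OPTIONAL_ID_CLAIMS = {"preferred_username"}


def audit_manifest(manifest: dict) -> dict:
    """Report which claims/permissions from the steps above are missing."""
    optional = manifest.get("optionalClaims") or {}
    id_claims = {c.get("name") for c in optional.get("idToken") or []}

    has_user_read = False
    for resource in manifest.get("requiredResourceAccess") or []:
        if resource.get("resourceAppId") != GRAPH_APP_ID:
            continue
        for access in resource.get("resourceAccess") or []:
            # type "Scope" is a delegated permission; "Role" is an application one.
            if access.get("id") == USER_READ_SCOPE_ID and access.get("type") == "Scope":
                has_user_read = True

    return {
        "missing_required_claims": sorted(REQUIRED_ID_CLAIMS - id_claims),
        "missing_optional_claims": sorted(OPTIONAL_ID_CLAIMS - id_claims),
        "has_delegated_user_read": has_user_read,
    }


# Constructed sample manifest: family_name was not added, User.Read is present.
SAMPLE_MANIFEST = json.loads("""
{
  "optionalClaims": {"idToken": [{"name": "email"}, {"name": "given_name"}]},
  "requiredResourceAccess": [{
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]
  }]
}
""")

if __name__ == "__main__":
    print(json.dumps(audit_manifest(SAMPLE_MANIFEST), indent=2))
```

Admin consent (step 9) is not recorded in the manifest, so its status still has to be read from the “API permissions” page.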
