Microsoft Entra ID SSO


To configure Maverics SSO with Entra ID, you will need the Issuer URL, Client ID and Client Secret, and you will need to configure claims in a new app registration. You also need to enter the Redirect URI, obtained from the Maverics setup process, as shown below.

[Screenshot: entra-sso.png]

Note that this URI will not populate until SSO settings have been saved in Maverics.

Once you've registered the application, you must then configure it to return OpenID Connect (OIDC) claims for user, profile, and email, by doing the following:

  1. After signing into Entra ID, go to Azure Active Directory from the left navigation pane.

  2. Under "Manage", choose "App registrations".

  3. Create a new app registration.

  4. Get the following information from the overview page:

    1. Application (client ID)

    2. Directory (tenant) ID, used to build the issuer URL https://login.microsoft.com/<your-tenant-id>/

  5. For the client secret, go to “Credentials and Secrets” and create a new secret.

  6. To configure additional claims, under "Manage", select "Token configuration".

  7. Click "Add optional claim".

  8. Select Token Type and Claims:

    • Token type: Choose "ID".

    • Claims: Select the following:

      • email

      • given_name

      • family_name

      • preferred_username (optional)

    • Click "Add" to save changes.

  9. Under "Manage", select "API permissions".

  10. Ensure User.Read under "Microsoft Graph" is listed.

  11. Add Missing Permissions (if needed):

    • If User.Read is not present:

      • Click "Add a permission".

      • Select "Microsoft Graph".

      • Choose "Delegated permissions".

      • Find and select User.Read.

      • Click "Add permissions".

  12. Grant Admin Consent (if required):

    • If the permission status is "Not granted":

      • Click "Grant admin consent for [Your Organization]".

      • Confirm by selecting "Yes".
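Once the registration is in place, a quick way to confirm that the ID tokens it issues actually carry the issuer, audience and optional claims configured above is to inspect a token's payload. The following is an added example (not Maverics code or Microsoft's); the tenant ID, client ID and sample token are constructed placeholders, and the issuer string should be set to the `iss` value your tenant actually emits. It decodes the payload only; signature verification against the tenant's published keys must be done before any of these checks are trusted.

```python
import base64
import json
import time

# Constructed placeholder values; replace with your own tenant and client ID.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
# Issuer built in the format shown on this page; set it to the iss your tenant emits.
ISSUER = f"https://login.microsoft.com/{TENANT_ID}/"
# The optional claims added under "Token configuration" (preferred_username is optional).
REQUIRED_CLAIMS = ("email", "given_name", "family_name")


def decode_payload(id_token: str) -> dict:
    """Base64url-decode the JWT payload (middle segment). This does NOT verify
    the signature; do that against the tenant's JWKS before trusting the claims."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def check_id_token(claims: dict, now=None) -> list:
    """Return a list of problems; an empty list means the token matches the app registration."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append(f"issuer mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        problems.append("audience does not include this client ID")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    for name in REQUIRED_CLAIMS:
        if not claims.get(name):
            problems.append(f"missing optional claim {name!r}; add it under Token configuration")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT (empty signature segment) for demonstration only.
    A real verifier must reject alg=none; this exists only to feed decode_payload()."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    good = {"iss": ISSUER, "aud": CLIENT_ID, "exp": time.time() + 600,
            "email": "user@example.com", "given_name": "Ada", "family_name": "Lovelace"}
    print(check_id_token(decode_payload(make_sample_token(good))))  # []
    print(check_id_token(decode_payload(make_sample_token({k: v for k, v in good.items() if k != "email"}))))
```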
