To configure Maverics SSO with Entra ID, you will need the Issuer URL, Client ID and Client Secret from a new app registration, and you will need to configure claims on that registration. You also need to enter the Redirect URI in the app registration; obtain it from the Maverics set-up process, as shown below.
Note that this URI will not populate until SSO settings have been saved in Maverics.
Once you've registered the application, you must then configure it to return OpenID Connect (OIDC) claims for user, profile, and email, by doing the following:
1. After signing in to Entra ID, go to Azure Active Directory from the left navigation pane.
2. Under "Manage", choose "App registrations".
3. Create a new app registration.
4. From the overview page, take the following information:
   - Application (client) ID
   - Directory (tenant) ID, which forms the issuer URL https://login.microsoft.com/<your-tenant-id>/
5. For the client secret, go to "Credentials and Secrets" and create a new secret.
6. To configure additional claims, under "Manage", select "Token configuration".
7. Click "Add optional claim".
8. Select the token type and claims:
   - Token type: choose "ID".
   - Claims: select email, given_name, family_name and preferred_username (optional).
9. Click "Add" to save the changes.
10. Under "Manage", select "API permissions".
11. Ensure User.Read under "Microsoft Graph" is listed.
12. Add the missing permission (if needed). If User.Read is not present:
    - Click "Add a permission".
    - Select "Microsoft Graph".
    - Choose "Delegated permissions".
    - Find and select User.Read.
    - Click "Add permissions".
13. Grant admin consent (if required). If the permission status is "Not granted":
    - Click "Grant admin consent for [Your Organization]".
    - Confirm by selecting "Yes".
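After completing these steps, a quick way to confirm the registration returns what Maverics expects is to inspect an ID token issued for the app. The following Python script is an added example, not Maverics or Microsoft code: it decodes a token's payload segment (without verifying the signature, which Maverics does itself) and reports whether iss and aud match the Issuer URL and Client ID you entered and whether the claims added under Token configuration are present. The tenant ID, client ID, issuer and token it uses are constructed placeholders.

```python
import base64
import json

# Claims added under "Token configuration" in the steps above;
# preferred_username is the one the procedure marks optional.
REQUIRED_CLAIMS = ("email", "given_name", "family_name")

def decode_jwt_payload(token: str) -> dict:
    """Base64url-decode the payload segment of a compact JWT for inspection.
    No signature verification is done here; Maverics validates the token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_id_token(payload: dict, expected_issuer: str, client_id: str) -> dict:
    """Compare an ID token payload with the values entered in Maverics."""
    problems = []
    if payload.get("iss") != expected_issuer:
        problems.append(f"iss mismatch: got {payload.get('iss')!r}")
    if payload.get("aud") != client_id:
        problems.append(f"aud mismatch: got {payload.get('aud')!r}")
    missing = [c for c in REQUIRED_CLAIMS if c not in payload]
    if missing:
        problems.append("claims not added in Token configuration: " + ", ".join(missing))
    return {
        "ok": not problems,
        "problems": problems,
        "has_preferred_username": "preferred_username" in payload,
    }

def _b64url(obj: dict) -> str:
    """Encode a JSON object as an unpadded base64url JWT segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")

# Constructed placeholders (tenant ID, client ID, issuer URL, unsigned token):
# replace them with the values from your own registration and Maverics settings.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ISSUER = f"https://login.microsoft.com/{TENANT_ID}/"
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": ISSUER, "aud": CLIENT_ID, "sub": "placeholder-subject",
             "email": "ada@example.com", "given_name": "Ada", "family_name": "Lovelace"}),
    "placeholder-signature",
])
if __name__ == "__main__":
    print(check_id_token(decode_jwt_payload(SAMPLE_TOKEN), ISSUER, CLIENT_ID))
```

Run it against a real token by pasting the token into SAMPLE_TOKEN and setting ISSUER and CLIENT_ID to the values from your Maverics SSO settings; a non-empty problems list points at the step above that still needs attention.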