Prerequisites
Required permissions: Admin role with access to the Identity Provider integration module
Supported platforms: Web-based (Chrome, Edge, Safari)
Time estimate: 10–15 minutes
Additional requirements:
A Microsoft Entra ID (formerly Azure AD) tenant
Registered application in Microsoft Entra admin portal
Client ID and Client Secret
Verified tenant domain
Before You Start
Microsoft Entra ID supports secure Single Sign-On (SSO) via OpenID Connect (OIDC). By integrating Entra ID with your MDM platform, your users can authenticate using their organizational Microsoft credentials, ensuring strong identity management and policy enforcement.
You’ll configure OAuth credentials and domain mapping to enable encrypted and token-based authentication.
Step 1: Navigate to Identity Providers
Go to the left sidebar and click on Integrations > Identity Providers.
On the setup page, you will see Google Workspace and Microsoft Entra ID options.
Step 2: Connect Microsoft Entra ID
Click Set up SSO under the Microsoft Entra ID card.
Review the integration overview — key features include Single Sign-On (SSO), Multi-tenant Support, and Token-based Security.
Click to start.
Step 3: Enter Identity Provider Configuration
When you go to the Microsoft account within the Entra Microsoft panel, you need to set a couple of options.
First, Go to the Authentication tab/ Settings, and under Implicit grant and hybrid flows, check ID tokens.
After that, Check Supported accounts next to the Settings, and select Allow all tenants.
Continue with the instructions below:
You need to copy and paste the Redirect URI into the Microsoft Console so you can generate the required information to complete setup.
Copy the URL from the Trio panel in the Microsoft Console.
Go to https://entra.microsoft.com/ and then, navigate to Authentication (overview)
Click on "Add redirect URI and Paste the copied URI from Trio panel.
After pasting the link, go to overview to access your client and tenant ID.
To access your client secret, go to "Certificate and secrets tab.
In the form, enter the following values:
Name: A unique name for the integration (e.g., "Entra Dev Team")
Tenant Domain: The primary domain of your Entra tenant (e.g.,
acme.biz)Client ID: From your registered app in Microsoft Entra
Client Secret: Generated from the same app registration
Click Get Start to save and connect.
Editing Identity Provider Configuration
In the Identity Providers list, click the three-dot menu beside your Entra provider.
Select Edit.
Modify any field (Name, Tenant Domain, Client ID, or Client Secret).
Click Save changes to apply updates.
Expected result: Settings updated and revalidated.
Disconnecting Microsoft Entra ID (Temporarily Disable SSO)
Click the three-dot menu next to your Entra ID provider.
Select Disconnect.
Confirm the warning: Users will no longer be able to sign in via Microsoft Entra ID and must use fallback methods.
Click Disconnect.
Expected result: Provider status changes to "Disconnected".
Troubleshooting this step:
Issue: Users can’t log in after disconnecting → Solution: Ensure fallback login is enabled
Deleting Microsoft Entra ID (Permanent Removal)
In the Identity Providers table, click the three-dot menu beside your Entra provider.
Select Delete.
Confirm the irreversible action in the warning modal: All users will lose access unless fallback login is enabled.
Click Delete.
Expected result: Microsoft Entra ID provider is permanently removed.
Next Steps
Review SSO login logs under Activity
Assign identity provider to SSO Applications for enforcement
Configure fallback credentials to maintain access control
Troubleshooting
Issue | Cause | Solution |
Users locked out | Fallback login not configured | Enable fallback login before disconnecting or deleting |
Status = Disconnected | Token expired or revoked | Edit the provider and reenter updated credentials |
Login fails | Incorrect tenant domain | Double-check the tenant domain spelling and registration |
Entra not listed in apps | App not registered in Azure | Register the app in Entra ID and generate credentials |