Microsoft Entra OIDC Configuration
Last updated
Log in to the Microsoft Azure portal https://portal.azure.com/#home.
Open the portal menu and select Microsoft Entra ID.
On the left pane, select App registrations.
Click New registration (at the top of the right pane). The Register an application blade opens.
In the Name field, type the name you want to use for the application.
Select an appropriate account type.
In the Redirect URI section, make sure that Web is selected in the drop-down list and add the following URIs:
https://pbi.parallels.com/rbi/oidc/signin/callback
https://pbi.parallels.com/owner/test-idp
Click Register (at the bottom left).
If you are no longer on the application page, navigate to it from the Home page by selecting Microsoft Entra ID > App registrations and then clicking the app in the right pane.
In the left pane, click Certificates & secrets.
In the right pane, click New client secret.
Type a client name and select a desired expiration option.
Click Add. The new client secret appears in the Client secrets list.
Warning: Copy and save the client secret (the Value column). If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.
Select your application and on the left pane, select Token configuration.
Click Add groups claim.
Select an appropriate group type.
Click Add.
Click Add optional claim.
In the Token type section, select ID.
Select preferred_username.
Click Add.
Select your application and on the left pane, select API permissions.
Click Add a permission.
Click the Microsoft Graph card.
Click the Delegated permissions card.
Open the Group section.
Select the following permission:
Group.Read.All
Click Add permissions.
Click Grant admin consent for...
Confirm you want to grant admin consent by clicking Yes.
Select your application and on the left pane, select Overview.
Save the following information for use in the Parallels Browser Isolation Management Portal setup:
Application (client) ID
Click the Endpoints button.
Save the value of the OpenID Connect metadata document field for use in the Parallels Browser Isolation Management Portal setup.
Make sure to securely store the client secret and other sensitive information.
Once the above steps are completed, copy the values from Entra ID into the Parallels Browser Isolation IdP configuration section. The fields and their expected values are listed below:

Domain
    Value: your organization's domain, e.g. acme.com, parallels.com or <yourorgdomain.com>
    The domain name must always match the part of the email address or UPN after the "@" symbol (e.g. users logging in as TestUser@pbi.parallels.com or TestUser@acme.com).

Discovery URL
    Value: https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration
    Copy this value from MS Entra ID (IdP Settings). It should follow the format shown in the Value line above.

Client ID
    Value: ****************** (the Application (client) ID saved from the Overview page)
    Copy this value from MS Entra's IdP Settings.

Client Secret
    Value: ****************** (the secret Value saved when the client secret was created)
    Copy this value from MS Entra's IdP Settings.

Username Claim Name
    For more info visit;

Groups Claim Name
    Value: groups
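Before pasting the values into the portal it is worth sanity-checking them against the rules in the table above. The following is an added example (not Parallels or Microsoft code; all function names are hypothetical and every sample value is constructed): it verifies the Discovery URL against the documented v2.0 format, checks that a login name's suffix matches the Domain field, rejects masked placeholder credentials, and confirms that a decoded ID token carries the preferred_username and groups claims configured in the Token configuration steps.

```python
import re

# Discovery URL format from this page, with the {tenantId} segment captured.
DISCOVERY_RE = re.compile(
    r"^https://login\.microsoftonline\.com/(?P<tenant>[^/]+)/v2\.0/"
    r"\.well-known/openid-configuration$")

def tenant_from_discovery_url(url: str):
    """Return the tenantId from a well-formed v2.0 metadata URL, else None."""
    m = DISCOVERY_RE.match(url.strip())
    return m.group("tenant") if m else None

def upn_matches_domain(upn: str, domain: str) -> bool:
    """The Domain field must equal the part of the login name after '@'."""
    return upn.count("@") == 1 and upn.split("@")[1].lower() == domain.strip().lower()

def check_id_token_claims(claims: dict, username_claim: str, groups_claim: str) -> list:
    """Problems in a decoded ID token payload: the username claim must be present
    and the groups claim must be a list (the claims added under Token configuration)."""
    problems = []
    if not claims.get(username_claim):
        problems.append(f"ID token lacks '{username_claim}' (optional claim not added?)")
    if not isinstance(claims.get(groups_claim), list):
        problems.append(f"ID token lacks a '{groups_claim}' list (groups claim not added?)")
    return problems

def check_idp_config(cfg: dict, sample_upn: str, claims: dict) -> list:
    """Run all checks on the values about to be pasted into the IdP settings."""
    problems = []
    if tenant_from_discovery_url(cfg["discovery_url"]) is None:
        problems.append("Discovery URL does not match the v2.0 metadata format")
    if not upn_matches_domain(sample_upn, cfg["domain"]):
        problems.append(f"Domain '{cfg['domain']}' does not match the suffix of {sample_upn}")
    for key in ("client_id", "client_secret"):  # the table above shows these masked as '***'
        if not cfg.get(key, "").strip("* "):
            problems.append(f"{key} is empty or still a masked placeholder")
    return problems + check_id_token_claims(claims, cfg["username_claim"], cfg["groups_claim"])

# Constructed sample: all-zero tenant GUID, dummy credentials, decoded ID token payload.
SAMPLE_CFG = {
    "domain": "acme.com",
    "discovery_url": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/.well-known/openid-configuration",
    "client_id": "11111111-1111-1111-1111-111111111111", "client_secret": "constructed-secret-value",
    "username_claim": "preferred_username", "groups_claim": "groups"}
SAMPLE_CLAIMS = {"preferred_username": "TestUser@acme.com", "groups": ["22222222-2222-2222-2222-222222222222"]}

if __name__ == "__main__":
    print(check_idp_config(SAMPLE_CFG, "TestUser@acme.com", SAMPLE_CLAIMS) or "all checks passed")
```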
Click Save, then proceed to add users in the Admin Management section for the OIDC configuration you just set up.
For more info visit;