Microsoft Entra OIDC Configuration

Step 1. Create a Microsoft Entra ID application

  1. Log in to the Microsoft Azure portal https://portal.azure.com/#home.

  2. Open the portal menu and select Microsoft Entra ID.

  3. On the left pane, select App registrations.

  4. Click New registration (at the top of the right pane). The Register an application blade opens.

  5. In the Name field, type the name you want to use for the application.

  6. Select the supported account type. Unless you need to sign in users from other tenants, choose Accounts in this organizational directory only (single tenant): the Discovery URL configured in Step 6 is tenant-specific, and a single-tenant registration is the least-privilege choice.

  7. In the Redirect URI section, make sure that Web is selected in the drop-down list and add the following URI:

    https://pbi.parallels.com/rbi/oidc/signin/callback

    Entra ID matches redirect URIs exactly (scheme, host and path), so enter the URI verbatim; a trailing slash or a different path causes the sign-in redirect to be rejected.

  8. Click Register (at the bottom left).

Step 2. Create a client secret for the Microsoft Entra ID application

  1. If you are no longer on the application page, navigate to it from the Home page by selecting Microsoft Entra ID > App registrations and then clicking the app in the right pane.

  2. In the left pane, click Certificates & secrets.

  3. In the right pane, click New client secret.

  4. Type a description and select an expiration period. Pick the shortest period your rotation process can support: the secret is the credential PBI presents to Entra ID when it redeems the authorization code, and sign-in stops working the moment it expires, so schedule the rotation before that date.

  5. Click Add. The new client secret appears in the Client secrets list.

Warning: Copy and save the client secret now (the Value column, not the Secret ID). If you leave this page without copying it, the value is hidden and cannot be retrieved later; you will have to create a new secret.

Step 3. Configure a token

  1. Select your application and on the left pane, select Token configuration.

  2. Click Add groups claim.

  3. Select the group types to include. Security groups is the usual choice; the claim then carries the groups' object IDs.

  4. Click Add.

  5. Click Add optional claim.

  6. In the Token type section, select ID.

  7. Select preferred_username.

  8. Click Add.

Note: Entra ID includes at most 200 groups in a JWT. For a user who is a member of more groups, the groups claim is omitted and the token instead carries _claim_names and _claim_sources pointing to Microsoft Graph (the "groups overage" case); the Group.Read.All permission granted in Step 4 is the permission such a lookup needs. Keep this in mind when testing with accounts that belong to many groups.

Step 4. Assign Required Permissions to the Microsoft Entra ID application

  1. Select your application and on the left pane, select API permissions.

  2. Click Add a permission.

  3. Click the Microsoft Graph card.

  4. Click the Delegated permissions card.

  5. Expand the Group section.

  6. Select the following permission (read-only access to group information in the directory):

    • Group.Read.All

  7. Click Add permissions.

  8. Click Grant admin consent for <your tenant>. Your account needs an administrator role that is allowed to consent on behalf of the tenant; without consent, users are prompted for a permission they cannot grant themselves.

  9. Confirm you want to grant admin consent by clicking Yes.

Step 5. Save settings for future use

  1. Select your application and on the left pane, select Overview.

  2. Save the following information for use in the Parallels Browser Isolation Management Portal setup:

    • Application (client) ID

  3. Click the Endpoints button.

  4. Save the value of the OpenID Connect metadata document field for use in the Parallels Browser Isolation Management Portal setup. This is the Discovery URL; it has the form https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration, where {tenantId} is your Directory (tenant) ID.

Store the client secret and the other values securely (a secrets manager or password vault, not a ticket or chat message). The secret is the application's credential: anyone who holds it can act as the registered application against your tenant.

Step 6. IdP Configuration on PBI Owner Portal

  1. Once the above steps are completed, enter the values collected from Entra ID into the IDP configuration section of the Parallels Browser Isolation Owner Portal. Each setting, the form its value takes and where it comes from:

    Domain
      Value: acme.com, parallels.com or <yourorgdomain.com>
      Details: The part of your users' email address or UPN after the "@" symbol; it must match exactly. For example, users who sign in as TestUser@pbi.parallels.com need pbi.parallels.com, and users who sign in as TestUser@acme.com need acme.com.

    Discovery URL
      Value: https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration
      Details: The OpenID Connect metadata document URL saved in Step 5. It must follow the format above exactly, with {tenantId} replaced by your Directory (tenant) ID.

    Client ID
      Value: ******************
      Details: The Application (client) ID saved in Step 5.

    Client Secret
      Value: ******************
      Details: The client secret Value saved in Step 2.

    Username Claim Name
      Value: preferred_username
      Details: The optional claim added to the ID token in Step 3.

    Groups Claim Name
      Value: groups
      Details: The groups claim added to the ID token in Step 3.

  2. Click Save and proceed with adding users in the Admin Management section; they sign in through the IdP configured here.
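The following Python script is an added example, not Parallels' or Microsoft's code. It checks the values collected in Steps 2, 5 and 6 before you paste them into the portal (a literal {tenantId} placeholder, a Secret ID pasted instead of the secret Value, a Domain containing an "@") and then does what a relying party does with the resulting ID token: verifies issuer, audience and validity window, enforces that the preferred_username domain matches the Domain setting, and handles the groups overage case from Step 3. The settings keys, the function names and all IDs (tenant, client, group) are assumptions and constructed sample data. It validates claims only; a real relying party must first verify the token signature against the jwks_uri from the discovery document, which this offline example does not do.

```python
import re
from urllib.parse import urlparse

_AUTHORITY = "login.microsoftonline.com"
# Tenant and client IDs are GUIDs; a "{tenantId}" placeholder pasted literally fails this.
_GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def tenant_from_discovery_url(url):
    """Return the tenant ID from a v2.0 discovery URL, or None if the URL is off-format."""
    parsed = urlparse(url)
    parts = parsed.path.strip("/").split("/")
    if (parsed.scheme != "https" or parsed.netloc != _AUTHORITY or len(parts) != 4
            or parts[1:] != ["v2.0", ".well-known", "openid-configuration"]
            or not _GUID_RE.match(parts[0])):
        return None
    return parts[0].lower()


def expected_issuer(tenant_id):
    """v2.0 ID tokens issued by this tenant carry exactly this 'iss' value."""
    return f"https://{_AUTHORITY}/{tenant_id}/v2.0"


def validate_settings(settings):
    """Sanity-check the values destined for the PBI IdP form; return a list of problems."""
    problems = []
    if tenant_from_discovery_url(settings.get("discovery_url", "")) is None:
        problems.append("Discovery URL must be https://login.microsoftonline.com/"
                        "{tenantId}/v2.0/.well-known/openid-configuration with a real tenant ID")
    if not _GUID_RE.match(settings.get("client_id", "")):
        problems.append("Client ID is not an Application (client) ID GUID")
    if not settings.get("client_secret"):
        problems.append("Client Secret is empty (copy the Value column, not the Secret ID)")
    domain = settings.get("domain", "")
    if not domain or "@" in domain or "." not in domain:
        problems.append("Domain must be the bare part after '@', e.g. acme.com")
    return problems


def check_id_token(claims, settings, now):
    """Validate an ID-token payload against the settings; return username and groups.

    The payload is assumed to be already signature-verified against the jwks_uri from
    the discovery document; this function only checks claims.
    """
    tenant = tenant_from_discovery_url(settings["discovery_url"])
    problems = []
    if claims.get("iss") != expected_issuer(tenant) or claims.get("tid") != tenant:
        problems.append("issuer/tenant mismatch: token not issued by the configured tenant")
    if claims.get("aud") != settings["client_id"]:
        problems.append("audience mismatch: token was minted for a different application")
    if not claims.get("nbf", claims.get("iat", 0)) <= now < claims.get("exp", 0):
        problems.append("token is expired or not yet valid")

    username = claims.get(settings["username_claim"], "")
    domain = username.rpartition("@")[2].lower()
    if not domain:
        problems.append(f"{settings['username_claim']} claim missing or has no '@domain' part")
    elif domain != settings["domain"].lower():
        problems.append(f"username domain {domain!r} does not match Domain {settings['domain']!r}")

    groups = claims.get(settings["groups_claim"])
    overage = False
    if groups is None:
        # Entra omits the groups claim for members of more than 200 groups and points to
        # Microsoft Graph via _claim_names/_claim_sources instead (the "groups overage" case).
        if settings["groups_claim"] in claims.get("_claim_names", {}):
            overage = True
        else:
            problems.append(f"{settings['groups_claim']} claim missing: add it in Token configuration")
        groups = []
    return {"ok": not problems, "problems": problems, "username": username,
            "groups": list(groups), "groups_overage": overage}


# Constructed sample values laid out like the table above; all IDs are made up.
SETTINGS = {
    "domain": "acme.com",
    "discovery_url": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555"
                     "/v2.0/.well-known/openid-configuration",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "<redacted>",
    "username_claim": "preferred_username",
    "groups_claim": "groups",
}

# Constructed ID-token payload as it looks after signature verification.
SAMPLE_CLAIMS = {
    "iss": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    "tid": "11111111-2222-3333-4444-555555555555",
    "aud": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "iat": 1700000000, "nbf": 1700000000, "exp": 1700003600,
    "preferred_username": "TestUser@acme.com",
    "groups": ["9d8c7b6a-5f4e-3d2c-1b0a-998877665544"],
}

# Same user in too many groups: Entra replaces 'groups' with a Graph pointer (constructed).
OVERAGE_CLAIMS = {k: v for k, v in SAMPLE_CLAIMS.items() if k != "groups"}
OVERAGE_CLAIMS["_claim_names"] = {"groups": "src1"}
OVERAGE_CLAIMS["_claim_sources"] = {"src1": {"endpoint": "https://graph.microsoft.com/v1.0/me/getMemberObjects"}}
```

Run `validate_settings(SETTINGS)` on your own values before saving the form; an empty list means the shapes are right. The domain check in `check_id_token` is the security-relevant one: without it, any account the tenant can issue a token for (including guests from other domains) would be accepted, which is why the Domain setting must match the "@" suffix of your users exactly.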


© 2024 Parallels International GmbH. All rights reserved.