Microsoft Entra OIDC Configuration
Step 1. Create a Microsoft Entra ID application
1. Log in to the Microsoft Azure portal at https://portal.azure.com/#home.
2. Open the portal menu and select Microsoft Entra ID.
3. On the left pane, select App registrations.
4. Click New registration (at the top of the right pane). The Register an application blade opens.
5. In the Name field, type the name you want to use for the application.
6. Select an appropriate account type.
7. In the Redirect URI section, make sure that Web is selected in the drop-down list and add the following URI:
8. Click Register (at the bottom left).
Step 2. Create a client secret for the Microsoft Entra ID application
1. If you are no longer on the application page, navigate to it from the Home page by selecting Microsoft Entra ID > App registrations and then clicking the app in the right pane.
2. In the left pane, click Certificates & secrets.
3. In the right pane, click New client secret.
4. Type a client name and select the desired expiration option.
5. Click Add. The new client secret appears in the Client secrets list.
Warning: Copy and save the client secret (the Value column) now. If you leave this page without copying the secret, it will be hidden and you will not be able to retrieve it later.
Step 3. Configure a token
1. Select your application and, on the left pane, select Token configuration.
2. Click Add groups claim.
3. Select an appropriate group type.
4. Click Add.
5. Click Add optional claim.
6. In the Token type section, select ID.
7. Select preferred_username.
8. Click Add.
Step 4. Assign Required Permissions to the Microsoft Entra ID application
1. Select your application and, on the left pane, select API permissions.
2. Click Add a permission.
3. Click the Microsoft Graph card.
4. Click the Delegated permissions card.
5. Open the Group section.
6. Select the following permission:
   Group.Read.All
7. Click Add permissions.
8. Click Grant admin consent for...
9. Confirm that you want to grant admin consent by clicking Yes.
Step 5. Save settings for future use
1. Select your application and, on the left pane, select Overview.
2. Save the following information for use in the Parallels Browser Isolation Management Portal setup:
   Application (client) ID
3. Click the Endpoints button.
4. Save the value of the OpenID Connect metadata document field for use in the Parallels Browser Isolation Management Portal setup.
Make sure to store the client secret and the other sensitive information securely.
Step 6. IdP Configuration on PBI Owner Portal
Once the steps above are completed, copy the values saved from Entra ID (they should correspond to the rows in the table below) and paste them into the Parallels Browser Isolation IdP configuration section:

| Settings | Value | Details |
|---|---|---|
| Domain | e.g. acme.com, parallels.com or <yourorgdomain.com> | The domain name must always match the part of the user's email address or UPN after the "@" symbol (e.g. a user logging in as TestUser@pbi.parallels.com or TestUser@acme.com). |
| Discovery URL | https://login.microsoftonline.com/{tenantId}/v2.0/.well-known/openid-configuration | Copy this value (the OpenID Connect metadata document saved in Step 5) from Microsoft Entra ID. It should follow the format shown in the Value column. |
| Client ID | ****************** | Copy this value (the Application (client) ID saved in Step 5) from Microsoft Entra ID. |
| Client Secret | ****************** | Copy this value (the client secret saved in Step 2) from Microsoft Entra ID. |
| Username Claim Name | | For more information, see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference |
| Groups Claim Name | groups | For more information, see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference |

Click Save, then add users in the Admin Management section using the OIDC configuration you just created.
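The following script is an added example and is not part of the Parallels documentation or product. It checks the values that end up in the table above: that the Discovery URL is built from a tenant ID in the expected format, that an OpenID Connect metadata document belongs to that tenant and uses HTTPS endpoints, and that an ID token carries a preferred_username whose domain matches the configured Domain, an audience equal to the Application (client) ID, and the groups claim added in Step 3. The tenant ID, client ID, metadata document and token claims are constructed placeholders. The groups-overage branch (Entra ID omitting `groups` and pointing to Microsoft Graph through `_claim_names`/`_claim_sources`) is standard Entra ID token behaviour that the page does not describe; it is included so the check explains a missing groups claim instead of silently passing.

```python
"""Sanity checks for the Entra ID values pasted into the PBI IdP settings.

Added example, not Parallels code. All inputs are constructed placeholders.
"""
import re
from urllib.parse import urlparse

# Discovery URL format from the IdP settings table.
DISCOVERY_TEMPLATE = ("https://login.microsoftonline.com/{tenantId}"
                      "/v2.0/.well-known/openid-configuration")
_GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def discovery_url(tenant_id: str) -> str:
    """Build the v2.0 OpenID Connect metadata URL for a tenant (GUID) ID."""
    if not _GUID.match(tenant_id):
        raise ValueError(f"tenant ID is not a GUID: {tenant_id!r}")
    return DISCOVERY_TEMPLATE.format(tenantId=tenant_id)


def check_discovery_document(doc: dict, tenant_id: str) -> list:
    """Return a list of problems found in an OpenID configuration document."""
    problems = []
    for key in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key not in doc:
            problems.append(f"missing {key}")
    # The issuer must name the tenant the portal was configured for.
    if tenant_id not in doc.get("issuer", ""):
        problems.append("issuer does not belong to the configured tenant")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if key in doc and urlparse(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    return problems


def check_id_token_claims(claims: dict, domain: str, client_id: str,
                          username_claim: str = "preferred_username",
                          groups_claim: str = "groups") -> list:
    """Check the claims the portal relies on: audience, username domain, groups."""
    problems = []
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    username = claims.get(username_claim)
    if not username or "@" not in username:
        problems.append(f"{username_claim} claim missing or not a UPN/email")
    elif username.rsplit("@", 1)[1].lower() != domain.lower():
        problems.append(f"{username_claim} domain does not match {domain!r}")
    if groups_claim not in claims:
        # Entra ID drops the groups claim and references Graph when a user
        # belongs to more groups than fit in the token (groups overage).
        if claims.get("_claim_names", {}).get(groups_claim):
            problems.append("groups claim in overage; group list must be "
                            "fetched from Microsoft Graph")
        else:
            problems.append(f"{groups_claim} claim missing (check Step 3)")
    return problems


# --- constructed sample inputs (placeholders, not real tenant data) ---
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000001"
SAMPLE_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
SAMPLE_DISCOVERY = {
    "issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0",
    "authorization_endpoint":
        f"https://login.microsoftonline.com/{SAMPLE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint":
        f"https://login.microsoftonline.com/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/discovery/v2.0/keys",
}
GOOD_CLAIMS = {"aud": SAMPLE_CLIENT_ID, "preferred_username": "TestUser@acme.com",
               "groups": ["22222222-2222-2222-2222-222222222222"]}
OVERAGE_CLAIMS = {"aud": SAMPLE_CLIENT_ID, "preferred_username": "TestUser@acme.com",
                  "_claim_names": {"groups": "src1"},
                  "_claim_sources": {"src1": {"endpoint": "https://graph.microsoft.com/..."}}}


def run_checks() -> dict:
    """Run every check on the constructed samples and return the findings."""
    return {
        "discovery_url": discovery_url(SAMPLE_TENANT),
        "discovery_doc": check_discovery_document(SAMPLE_DISCOVERY, SAMPLE_TENANT),
        "good_token": check_id_token_claims(GOOD_CLAIMS, "acme.com", SAMPLE_CLIENT_ID),
        "overage_token": check_id_token_claims(OVERAGE_CLAIMS, "acme.com", SAMPLE_CLIENT_ID),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

Run it against your own tenant ID, the metadata document fetched from the Discovery URL and a decoded ID token payload (the claims section only; signature verification against `jwks_uri` is a separate step this example does not perform). An empty list means the values line up; a domain mismatch or a missing groups claim is the usual cause of users being rejected after the OIDC settings are saved.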