---
title: Integration between Microsoft Entra ID (Formerly Azure AD) and OpenLM
description: This document describes the steps required to configure Microsoft Entra ID with the Identity Service and set Microsoft Entra ID as the external identity provider for OpenLM.
product: OpenLM Version 25 / v26 (legacy)
---

> **OpenLM Version 25 / v26 (legacy).** This page documents the legacy product, not OpenLM Platform.

This document describes the steps required to configure Microsoft Entra ID with the Identity Service and set Microsoft Entra ID as the external identity provider for OpenLM.

## Prerequisites

- Access to the [Azure Portal](https://portal.azure.com) with permissions to register applications
- For on-premise users: OpenLM SLM and Identity Service must be [SSL secured](https://openlm.com/documentation/legacy/openlm-slm/setting-up-ssl-for-openlm-server-and-identity-service)

## Microsoft Entra ID configuration

1. Log in to the [Azure Portal](https://portal.azure.com). Navigate to your Microsoft Entra ID directory.  

2. Navigate to the **App Registrations** section.  

3. Create a new registration. Click the **New Registration** button.  

4. Provide the application **display name** (for example **Identity Service**). In the Redirect URI field, select **Web** from the drop-down list. Leave the URI field empty for now; you will return to update it later in the configuration. Click the **Register** button.  

5. The application is now registered. Note the **Application (client) ID** and **Directory (tenant) ID** shown on the overview page — you will need these values in the steps below.  

6. Navigate to the **Certificates & Secrets** section to create a new client secret. Click **New client secret**.  
   **Pro tip:** open this section in a new tab.  

7. Provide a **description** for the client secret and choose its **lifespan**. Click **ADD**.  

8. The client secret is now created. Note the **Value** and **Secret ID**.

   :::warning
   Client secret values cannot be viewed except immediately after creation. Be sure to save the secret value before leaving the page.
   :::

   After navigating away, the value will be hidden and impossible to retrieve.

## OpenLM on-premise users — Adding Microsoft Entra ID as an external identity provider

1. Navigate to your Identity Service account and click the **External Providers** icon to add the external provider.
2. Select the provider type **Azure** from the drop-down options.
3. Enter the **Client ID** — this is the **Application (client) ID** from [step 5](#microsoft-entra-id-configuration) above.
4. Enter the **Client Secret** — this is the **Value** from [step 8](#microsoft-entra-id-configuration) above.
5. In the **Account ID** field, type **none**.

   :::warning
   Do not leave the Account ID field blank — you must explicitly enter `none`. Leaving it blank will cause the configuration to fail.
   :::
6. Enter the authority URL in the **Authority** field using the format:  
   `https://login.microsoftonline.com/{Directory (tenant) ID}`  
   Replace `{Directory (tenant) ID}` with the tenant ID from [step 5](#microsoft-entra-id-configuration) above.
7. Enter the display name for the provider in the Display Name field, for example **Login with Azure**.
8. Click **Save**.  

9. After clicking Save, the external provider (Azure) is displayed in the External Providers list. Note the **Redirect URLs** shown on screen — you will need these in the next step.  

10. Keep this window open — you will need the Redirect URLs displayed here.
11. Return to your Microsoft Entra ID account. Navigate to the **Authentication** section. Click **Add Platform**. Select **Web**, then provide the following:
    - **Front-channel Logout URL**
    - **Web Redirect URL**

    Check **ID Tokens** and choose who can use this application. Click **Configure**, then **Save**.

    :::note
    The Redirect URLs must be copied from the OpenLM Identity Service UI (as shown in step 9 above).
    :::

12. Navigate to your Identity Service account and log out. The Azure Login button now appears as a login option.

## OpenLM Cloud users — Configure Microsoft Entra ID as an external identity provider

1. Navigate to your OpenLM Cloud Portal → **External Providers** tab. Click **Add Provider**.  

2. Enter the **Client ID** — this is the **Application (client) ID** from [step 5](#microsoft-entra-id-configuration) above.
3. Enter the **Client Secret** — this is the **Value** from [step 8](#microsoft-entra-id-configuration) above.
4. In the **Authority** field, enter:  
   `https://login.microsoftonline.com/{Directory (tenant) ID}`  
   Replace `{Directory (tenant) ID}` with the tenant ID from [step 5](#microsoft-entra-id-configuration) above.
5. Enter the display name, for example **Login with Azure**.
6. Click **Save**.  

7. After clicking Save, the external provider (Azure) is displayed in the External Providers list. Note the **Redirect URLs** shown on screen — you will need these in the next step.  

8. Keep this window open — you will need the Redirect URLs displayed here.
9. Return to your Microsoft Entra ID account. Navigate to the **Authentication** section. Click **Add Platform**. Select **Web**, then provide the following:
   - **Front-channel Logout URL**
   - **Web Redirect URL**

   Check **ID Tokens** and choose who can use this application. Click **Configure**, then **Save**.

   :::note
   The Redirect URLs must be copied from the OpenLM Cloud Portal (as shown in step 7 above).
   :::

10. Go to your Cloud Portal. Click on your username (upper right corner) to see your profile information.  

11. Note and copy your **OpenLM account ID**.
12. To access the OpenLM Cloud account using Microsoft Entra ID, use one of the following URLs:

    ```
    https://cloud.openlm.com/portal?loginAccountId=<YOUR_ACCOUNT_ID>
    ```

    or

    ```
    https://eu-cloud.openlm.com/portal?loginAccountId=<YOUR_ACCOUNT_ID>
    ```

    Replace `<YOUR_ACCOUNT_ID>` with the account ID copied in step 11.

:::tip
Clear your browser cache before accessing the Cloud Portal with the new configuration.
:::
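
The values entered in the on-premise form (steps 3 to 6) and the Cloud form (steps 2 to 4) can be checked before saving. The following is an added example, not OpenLM or Microsoft code: the dictionary keys and the function name are hypothetical, the sample values are constructed, and the HTTPS check on redirect URLs assumes the SSL prerequisite above. Treating a GUID-shaped secret as a pasted **Secret ID** is a heuristic.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
AUTHORITY_HOST = "login.microsoftonline.com"


def check_provider_form(form, redirect_urls):
    """Return a list of problems in the external-provider form values."""
    problems = []
    if not GUID.fullmatch(form.get("client_id", "")):
        problems.append("client_id: expected the Application (client) ID GUID")

    secret = form.get("client_secret", "")
    if not secret:
        problems.append("client_secret: empty")
    elif GUID.fullmatch(secret):
        # Heuristic: the Secret ID is a GUID, the secret Value is not.
        problems.append("client_secret: looks like the Secret ID, not the Value")

    # On-premise form only; the Cloud steps have no Account ID field.
    if "account_id" in form and form["account_id"] != "none":
        problems.append("account_id: must be the literal string 'none'")

    auth = urlsplit(form.get("authority", ""))
    if auth.scheme != "https" or auth.hostname != AUTHORITY_HOST:
        problems.append("authority: must start with https://" + AUTHORITY_HOST)
    elif not GUID.fullmatch(auth.path.strip("/")):
        problems.append("authority: path must be the Directory (tenant) ID")

    for url in redirect_urls:
        if urlsplit(url).scheme != "https":
            problems.append("redirect url is not https: " + url)
    return problems


# Constructed sample values with four typical mistakes; none are real identifiers.
ONPREM_FORM = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "client_secret": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",  # Secret ID pasted
    "account_id": "",                                         # left blank
    "authority": "https://login.microsoftonline.com/{Directory (tenant) ID}",
}
REDIRECTS = ["http://openlm.example.internal/placeholder-redirect"]

if __name__ == "__main__":
    for problem in check_provider_form(ONPREM_FORM, REDIRECTS):
        print("FAIL", problem)
```
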
