How to configure your OIDC SSO

Use these notes alongside the official Microsoft guide:
Set up OIDC-based SSO for an application in Microsoft Entra ID

Before you start

Choose a company <alias>:

  1. It must be all lowercase;

  2. It must contain no special characters;

  3. It must be at most 23 characters long.

Prerequisites:

| Field | Value |
|---|---|
| Redirect URI | https://hxauth.com/auth/realms/nsi-ext-<alias>/broker/oidc/endpoint (replace <alias> with your company alias) |
| Application type | Web (not Single-Page Application) |

Configure OIDC SSO

Follow the Microsoft guide: Configure OIDC SSO for gallery and custom applications - Microsoft Entra ID | Microsoft Learn

  1. Steps 1-3 – Follow as described in the guide, using the values from the prerequisites above.

  2. Step 4 – Skip; no special permissions are needed.

  3. Step 5 – Skip; only default claims are needed.

  4. Step 6 – Follow as described in the guide. Copy the OIDC metadata document to the SSO registration form.
    Note: The OIDC metadata document does NOT contain any sensitive information such as the Client Secret; it contains metadata such as the various URIs needed for the OIDC process.

  5. Step 7 – Use the typical scopes mentioned in the guide, i.e. openid profile email.
    Note down the Client ID and Client Secret - you will need to provide these in the SSO registration form.
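
A pre-flight check for the values this procedure asks you to submit, as an added example (not code from this page or from the service): it validates the alias, builds the Redirect URI from the template above, and sanity-checks the JSON content of the metadata document. Assumptions: "no special characters" is read as a-z and 0-9 only; the function names, the set of checked fields, and the sample document with its placeholder tenant ID are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

# Assumption: "no special characters" is read as lowercase letters and digits only.
ALIAS_RE = re.compile(r"[a-z0-9]{1,23}")
REDIRECT_TEMPLATE = "https://hxauth.com/auth/realms/nsi-ext-{alias}/broker/oidc/endpoint"
REQUIRED_URLS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
REQUIRED_SCOPES = {"openid", "profile", "email"}
SECRET_HINTS = ("secret", "password", "private_key")


def redirect_uri(alias: str) -> str:
    """Validate the alias against the rules above and build the Redirect URI."""
    if not ALIAS_RE.fullmatch(alias):
        raise ValueError(f"invalid alias {alias!r}: need 1-23 chars of a-z / 0-9")
    return REDIRECT_TEMPLATE.format(alias=alias)


def check_metadata(raw: str) -> list[str]:
    """Return the problems found in an OIDC metadata document (empty list = OK)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level is not a JSON object"]
    problems = [f"{key}: missing or not an https URL" for key in REQUIRED_URLS
                if urlparse(str(doc.get(key, ""))).scheme != "https"]
    missing = REQUIRED_SCOPES - set(doc.get("scopes_supported") or [])
    if missing:
        problems.append(f"scopes_supported lacks: {', '.join(sorted(missing))}")
    # The metadata document is public; a secret-looking key means the wrong thing was pasted.
    problems += [f"{key}: looks like a credential, not metadata" for key in doc
                 if any(hint in key.lower() for hint in SECRET_HINTS)]
    return problems


# Constructed sample (placeholder tenant ID), shaped like an Entra ID metadata document.
BASE = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps({
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

print(redirect_uri("acme"), check_metadata(SAMPLE) or "metadata OK", sep="\n")
```

Only key names are inspected for secret-looking content, so values such as supported client authentication method names do not trigger a false alarm.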