
How to configure OIDC SSO

Use these notes alongside the official Microsoft guide:
Set up OIDC-based SSO for an application in Microsoft Entra ID

Before you start

Choose a company <alias>. The alias must:

  1. Be all lowercase;

  2. Contain no special characters;

  3. Be at most 23 characters long.

Prerequisites:

| Field | Value |
| --- | --- |
| Redirect URI | https://hxauth.com/auth/realms/nsi-ext-<alias>/broker/oidc/endpoint (replace <alias> with your company alias) |
| Application type | Web (not Single-Page Application) |

Configure OIDC SSO

Follow the Microsoft guide: Configure OIDC SSO for gallery and custom applications - Microsoft Entra ID | Microsoft Learn

  1. Follow steps 1-3 from the configuration prerequisites above.

  2. Step 4 – Skip; no special permissions are needed.

  3. Step 5 – Skip; only default claims are needed.

  4. Step 6 – Follow as described in the guide. Copy the OIDC metadata document to the SSO registration form.
    Note: The OIDC metadata document does NOT contain any sensitive information such as the Client Secret; it contains metadata such as the various URIs needed for the OIDC process.

  5. Step 7 – Use the typical scopes mentioned in the guide, i.e. openid profile email.
    Note down the Client ID and Client Secret - you will need to provide these in the SSO registration form.
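
A pre-submission check for the values above, as an added example (not part of the Microsoft guide or of this product): it validates the alias, builds the redirect URI, and confirms that the metadata document holds only https endpoint URIs and no secret. Assumptions: "no special characters" is read as lowercase ASCII letters and digits only, the four required fields are the ones chosen here, and the sample alias and metadata are constructed.

```python
import json
import re
from urllib.parse import urlparse

# Assumption: "no special characters" means ASCII lowercase letters and digits only.
ALIAS_RE = re.compile(r"[a-z0-9]{1,23}")
REDIRECT_TEMPLATE = "https://hxauth.com/auth/realms/nsi-ext-{alias}/broker/oidc/endpoint"
# Assumption: the fields a metadata document is expected to carry for this flow.
REQUIRED_URIS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample; idp.example is a placeholder, not a real tenant.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example/tenant/v2.0",
    "authorization_endpoint": "https://idp.example/tenant/oauth2/v2.0/authorize",
    "token_endpoint": "https://idp.example/tenant/oauth2/v2.0/token",
    "jwks_uri": "https://idp.example/tenant/discovery/v2.0/keys",
})


def redirect_uri(alias):
    """Return the redirect URI for a valid alias, or raise ValueError."""
    if not ALIAS_RE.fullmatch(alias):
        raise ValueError(f"alias {alias!r} breaks the alias rules")
    return REDIRECT_TEMPLATE.format(alias=alias)


def check_metadata(raw):
    """Return a list of problems found in an OIDC metadata document (JSON text)."""
    doc = json.loads(raw)
    problems = []
    for field in REQUIRED_URIS:
        value = doc.get(field)
        if not isinstance(value, str):
            problems.append(f"missing {field}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{field} is not an https URL")
    # The metadata document carries no secrets; a secret-like key means the
    # wrong thing was pasted into it.
    problems += [f"unexpected field {k}" for k in doc if "secret" in k.lower()]
    return problems


if __name__ == "__main__":
    print(redirect_uri("acme"))             # constructed alias
    print(check_metadata(SAMPLE_METADATA))  # no problems expected
```

The redirect URI registered in Entra ID must match the generated string exactly, so paste the function's output instead of retyping it.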
