Overview
This document describes how to create a connection between Microsoft Entra ID and OpenID Connect to authenticate Stacks users.
- OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of end-users based on the authentication performed by an authorization server, and to obtain basic profile information about the end-user in an interoperable, REST-like manner.
- Microsoft Entra ID is Microsoft’s enterprise cloud-based identity and access management solution, formerly known as Azure AD. It is the backbone of the Microsoft 365 system and is capable of syncing with on-premises Active Directory to provide authentication to other cloud-based systems via OAuth.
Creating a Connection
Part 1: Create a New App Registration
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- If you have access to multiple tenants, use the Settings icon in the top menu to switch to the tenant in which you want to register the application from the Directories + subscriptions menu.
- Browse to Identity > Applications > App registrations and select New registration.
- Enter the following:
  - Name: “Stacks” or your Site URL (use something descriptive)
  - Supported Account Types: Accounts in this organizational directory only.
  - Redirect URI: [your url]/openid-connect/generic
- Select Register.
Part 2: Create Client Secret
- Under Manage select Certificates & Secrets
- Select New Client Secret and set the following:
  - Description: Stacks App Secret
  - Expires: Never
- Copy the new secret’s value to a safe place.
Part 3: Set API Permissions
- Under Manage select API Permissions
- Click Add a Permission
- Choose Microsoft Graph on the list of APIs
- Choose Delegated Permissions
- In the Select Permissions field:
  - type email and check the box labeled View users’ email address
  - type user.read.all and check the box labeled Read all users’ full profiles
  - type directory.read.all and check the box labeled Read directory data
- Click the Add Permissions button to confirm your permissions match.
Part 4: Obtain Endpoints
- Under Manage select Overview
- In the header click the Endpoints link marked with a globe.
- Copy the values from the following fields to a safe place:
  - OAuth 2.0 authorization endpoint (v2)
  - OAuth 2.0 token endpoint (v2)
  - OpenID Connect metadata document
  - Microsoft Graph API endpoint
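Before passing the Part 4 values on, it is worth checking that they agree with each other. The following is an added example, not part of the original guide or EBSCO's tooling: it checks that the copied v2 endpoints use HTTPS, match the OpenID Connect metadata document, and all belong to the single tenant chosen in Part 1. The tenant ID, URLs and metadata JSON are constructed sample values, and `check_endpoints` is a hypothetical helper name.

```python
import json
from urllib.parse import urlparse

# Constructed sample values (placeholder tenant ID), shaped like the Part 4 fields.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
COPIED = {
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "metadata_document": f"{BASE}/v2.0/.well-known/openid-configuration",
}
# Constructed sample of the JSON served at the metadata document URL.
METADATA_JSON = json.dumps({
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
})


def tenant_segment(url):
    """Return the first path segment, which carries the tenant in these URLs."""
    return urlparse(url).path.strip("/").split("/")[0]


def check_endpoints(copied, metadata_json):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    meta = json.loads(metadata_json)
    for name, url in copied.items():
        if urlparse(url).scheme != "https":
            problems.append(f"{name}: not an https URL")
        if name != "metadata_document" and "/v2.0/" not in urlparse(url).path:
            problems.append(f"{name}: not the v2 endpoint")
    # The copied endpoints must be the ones the metadata document advertises.
    for name in ("authorization_endpoint", "token_endpoint"):
        if meta.get(name) != copied[name]:
            problems.append(f"{name}: differs from metadata document")
    # Every URL and the issuer should name the same, specific tenant.
    tenants = {tenant_segment(u) for u in copied.values()}
    tenants.add(tenant_segment(meta.get("issuer", "")))
    if len(tenants) != 1:
        problems.append(f"mixed tenants: {sorted(tenants)}")
    if "common" in tenants or "organizations" in tenants:
        problems.append("multi-tenant endpoint used for a single-tenant registration")
    return problems


if __name__ == "__main__":
    print(check_endpoints(COPIED, METADATA_JSON) or "endpoints consistent")
```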
Part 5: Send Details to EBSCO
To configure the connection between Stacks and OpenID Connect, please provide the following information to your Implementation Project Manager or to the Stacks team:
- Application (Client) ID
- Client Secret Key
- OAuth 2.0 Authorization endpoint (v2)
- OAuth 2.0 Token endpoint (v2)
- OpenID Connect Metadata
- Microsoft Graph API Endpoint