Configure IdP
Microsoft Entra ID
Configure Microsoft Entra ID as your Identity Provider (IdP) with StarTree. Microsoft Entra ID enables centralized authentication, enhanced security, and streamlined user management, simplifying access to StarTree.
Prerequisites
- Admin access to the Azure portal.
- Access to a StarTree environment.
- Obtain the redirect URI from StarTree.
Steps
Register the StarTree App
- Navigate to the Microsoft Azure portal.
- Select Microsoft Entra ID from the portal menu.
- Click on Add and select App registration to register a new app.
- Specify a name for the application and select the supported account types option that fits your needs.
- Under Redirect URI, select Web as the platform, and enter the URL that was provided by StarTree.
- Register the application.
- Copy the Application (client) ID and the Directory (tenant) ID. You will need to provide these to StarTree.
- Click Add a certificate or secret and create a new client secret. Save the client secret Value. You will need to provide this to StarTree.
- Make sure the users have the email address field populated.
Provide the following details to StarTree
- Application (client) ID.
- Directory (tenant) ID.
- Client secret.
- Issuer URL: https://login.microsoftonline.com//v2.0 (replace the tenant ID with the actual value).
[Optional] Enable Groups Claim
To enable groups claim for an application in Azure AD for OpenID Connect, complete the following steps:- Select Azure Active Directory from the left navigation menu.
- Select App registrations.
- Select the application you just created.
- Select Token configuration from the left navigation menu
- Click the + Add groups claim button and select the types of groups you want to include in the claim.
- Once you save the groups claim, click API permissions.
- Click on + Add a permission.
- Select Microsoft Graph and then Delegated permissions.
- Scroll down to the Directory category, expand it, then check Directory.Read.All
- Click Add permissions.
- When prompted, click Yes to grant admin consent.
Granting User and Group Access to StarTree
- Use the Azure portal search bar to search for Enterprise applications.
- Select the application you created.
- In the left navigation menu, expand the Manage menu and click on Users and Groups.
- Click + Add user/group and add the users and groups that you want provide access to StarTree.
- Click on Assign.