Microsoft Entra ID

Microsoft Entra ID offers two types of Single Sign-on (SSO) methods.

OpenID Connect: This open authentication protocol works on top of the Open Authorization (OAuth) 2.0 framework.
Security Assertion Markup Language (SAML): This is an open standard for exchanging authentication and authorization data between an identity provider and a service provider.

Set up Entra ID with Open ID Connect (OIDC) Integration

Log into Microsoft Azure and select Extreme Networks > App Registrations.
To create a new registration, in the Name field, enter ExtremeCloud Universal ZTNA – OIDC and select Register.
Select Redirect URIs > Add a platform.
Enter the following URIs:
- https://zta-tme-2.qa.xcloudiq.com/auth/api/v1/accounts/microsoft/login/callback/
- https://zta-tme-2.qa.xcloudiq.com/auth/api/v1/accounts/invite/microsoft/signup/callback/
Scroll to the bottom of the Authentication screen and under Advanced Settings, in the Allow public client flows, select Yes.
Return to the Overview screen and take note of the Application (client) ID and the Directory (tenant) ID.
In the Client Credentials field, select Add a certificate or secret > New Client Secret > Add.
Note
Keep the default expiration.
From the Certificates & Secrets screen, under the Clients Secret tab, in the Value field, copy the new token.
From the API Permissions screen, select Grant admin consent for [company name].
From the ExtremeCloud Universal ZTNA Onboarding screen, enter the noted Application (client) ID, Client Secret, and Directory (tenant) ID.
Select Validate Information.
When validation is complete, select Update > Confirm.