Register a Microsoft Entra ID client application for use in Identity Enterprise SSO.
This guide shows you how to register a client application in Microsoft Entra ID. You need the application details to complete the Identity Enterprise SSO setup.
Prerequisites
To be able to manage applications, you must have an Azure account with one of these roles: Application administrator, Application developer, or Cloud application administrator. For more information, see Entra built-in roles.
Register a new application in Microsoft Entra ID
- Sign in to the Azure portal.
- Search for and select App registrations.
- Click New registration and, in the Name field, enter the name (to be displayed on Azure) for the application. For example, "commercetools Identity".
- In the Redirect URI section, select Web as the platform and provide the Redirect URI of Identity as displayed in the SSO configuration form. The value is dependent on the PKCE option. By default it's https://auth.identity.commercetools.com/self-service/methods/oidc/callback as we force the use of PKCE. If you select another PKCE option (auto or disable), the Redirect URI changes.
- Click Register.
- Copy the Application (client) ID displayed in the Essentials section on the Overview page.
- In the Certificates and secrets > Client secrets section:
  - Click New client secret.
  - Enter a description for your client secret.
  - Select an expiration for the secret or specify a custom lifetime.
  - Click Add.
  - Copy the client secret Value.
- The issuer URL to be assigned in the Identity SSO configuration has the format https://login.microsoftonline.com/{tenantId}/v2.0 (see Endpoints tab > OpenID Connect metadata document, without the /.well-known/openid-configuration part).
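The following is an added example, not part of the original guide or of commercetools tooling: it derives the issuer URL from the OpenID Connect metadata document URL copied from the Endpoints tab and checks that the issuer field of the metadata document matches it exactly. The function names, the requirement that the tenant segment is a GUID, and the sample tenant ID and metadata are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Assumption: the tenant segment is the directory (tenant) ID in GUID form.
TENANT_GUID = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def issuer_from_metadata_url(metadata_url):
    """Strip the well-known suffix and check the /{tenantId}/v2.0 shape."""
    url = metadata_url.strip()
    if not url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID Connect metadata document URL")
    issuer = url[: -len(WELL_KNOWN)]
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.netloc != "login.microsoftonline.com":
        raise ValueError("unexpected scheme or host")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not carry a query or fragment")
    segments = parts.path.split("/")  # "/<tenant>/v2.0" -> ["", tenant, "v2.0"]
    if len(segments) != 3 or segments[2] != "v2.0":
        raise ValueError("expected /{tenantId}/v2.0 with no trailing slash")
    if not TENANT_GUID.fullmatch(segments[1]):
        raise ValueError("tenant segment is not a tenant ID GUID")
    return issuer


def metadata_matches_issuer(issuer, metadata_json):
    """OpenID Connect Discovery requires the document's issuer to equal
    the configured issuer exactly (no extra slash, no case changes)."""
    return json.loads(metadata_json).get("issuer") == issuer


# Constructed sample values: placeholder tenant ID, trimmed metadata document.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_URL = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0{WELL_KNOWN}"
SAMPLE_METADATA = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0",
    "jwks_uri": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/discovery/v2.0/keys",
})

if __name__ == "__main__":
    issuer = issuer_from_metadata_url(SAMPLE_URL)
    print(issuer, metadata_matches_issuer(issuer, SAMPLE_METADATA))
```

To check a real tenant, pass the URL from the Endpoints tab and the JSON body downloaded from it instead of the sample values.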
Next steps
After registering your client application, continue with the Identity Enterprise SSO initial setup.