Entra ID SSO

Last updated: March 24, 2026

Create app registration

Visit the Microsoft Entra admin center and click App registrations in the left navigation bar. Create a new registration and give it a unique recognizable name (e.g. Hadrius Entra SSO).

Under Supported account types, select the first option (<Tenant> only - Single tenant). Under Redirect URI, choose Web from the dropdown and enter https://app.hadrius.com/auth/sso.

Verify app permissions

Under Authentication (Preview), select the Settings tab and check both boxes (Access tokens and ID tokens).

Under Certificates & Secrets, select Client secrets and create a new client secret and give it a unique and recognizable description. We recommend setting the expiration date to the maximum value.

Save the Value for the Client secret to send to us in the next step!

Under Token configuration, choose to Add optional claim and pick the following from the ID token type:

  • acct

  • email

  • family_name

  • given_name

  • preferred_username

  • verified_primary_email

  • verified_secondary_email

Under API permissions, choose to Add a permission and select the following from Microsoft Graph (Delegated permissions).

  • email

  • profile

  • openid

  • offline_access

Send Hadrius the details

We'll complete SSO setup from our side once you provide us with the Directory (tenant) ID, Application (client) ID, and the Client secret. These can be found on the Overview page.

Overview page of the app registration.

The client secret is sensitive information. You can use flashpaper.hadrius.com to generate a one-time use secure link.