Azure Entra SSO Configuration
Step by Step guide for integrating Razor with Azure Entra ID
This guide summaries the following Microsoft Quick Start Guide – more information can be found at https://learn.microsoft.com/en-au/entra/identity-platform/quickstart-register-app?tabs=certificate
Supported Features
Authentication Only
Provide access to your full Razor Tenancy using Azure’s single sign-on authentication platform.
1. ON-BOARDING
As part of your Razor on-boarding your tenant will be configured for traditional user/password access. For your company’s users to initiate Azure Single Sign-On (SSO) they are required to have been previously added under the user settings in Razor. Attempting to log directly in via Azure without prior configuration will result in a failure to log in.
2. ADD OCCAM RAZOR INTEGRATION TO AZURE INSTANCE
Log In To Microsoft Entra Admin Centre https://entra.microsoft.com/
Select Applications > App registrations from the lefthand menu.
Then select “New Registration”
Populate the Register Application Form with the following details:
Name: A descriptive name (e.g Razor SSO)
Supported Account Types: Accounts in this organisational directory only (Single tenant)
Redirect URI (optional): https://amer.razor.cx/users/auth/azure_activedirectory_v2/callback
Notes: You may adjust Supported Account Types to whatever your organisational needs are. Our recommendation is Single Tenant.
Your redirect URI will vary based on the URL you use to access Razor, please replace the root of the url as appropriate (eg. https://CUSTOM_RAZOR_DOMAIN/users/auth/azure_activedirectory_v2/callback)
Once the Integration is created. Click “Add a certificate or secret”
Followed by New Client Secret
Name the secret, choosing a duration to comply with your organization’s security requirements and make a note of the generated Value.
Return to the Overview page and make a note of:
Application (client) ID
Directory (tenant) ID
3. UPDATE RAZOR CONFIGURATION
Once in possession of your Azure credentials, navigate to the Company Settings page on Razor.
Once in the editable form for your company settings, scroll down to the Azure Integration section.
Populate the Client ID, Secret. Tenant ID with the details from the previous step on the Azure Admin.
4. SIGN IN
Once your settings are saved, after logging out you can access the Azure SSO Integration, via the sign in link.
Enter the email that you are registered to Razor with, and click “Go To Azure”
Login to your Azure Instance. You will be redirected back to Razor once authentication is complete.