Overview
This guide will assist you in setting up Single Sign-On (SSO) with Legartis using Microsoft Entra ID (formerly Azure Active Directory) and OpenID Connect (OIDC).
Integrating Legartis with your Microsoft Entra ID allows your users to authenticate using their existing organizational credentials, enhancing security and simplifying user management.
We support any oauth2/SAML compatible system - not just Entra ID
Prerequisites
Access to the Microsoft Entra admin center with permissions to register applications.
An active Legartis account.
Your company identifier for Legartis (contact Legartis support if you do not have this).
Steps to Set Up OIDC Integration
1. Register a New Application in Microsoft Entra
Sign in to the Microsoft Entra admin center: https://entra.microsoft.com/.
Navigate to "Azure Active Directory" in the left-hand menu.
Select "App registrations", then click on "New registration".
Fill out the registration form:
Name: Enter a recognizable name for the application (e.g., "Legartis SSO").
Supported account types: Choose "Accounts in this organizational directory only" unless your scenario requires otherwise.
Redirect URI:
Type: Web
URI: Use a temporary placeholder (e.g.,
https://placeholder) since you'll update this later with the Redirect URI provided by Legartis.
Click "Register" to create the application.
2. Create a Client Secret
Navigate to "Certificates & secrets" in the left-hand menu of your newly created application.
Under "Client secrets", click on "New client secret".
Add a description (e.g., "Legartis Client Secret") and select an appropriate expiration period.
Click "Add".
Copy the Value of the client secret. Important: This is the only time you will be able to view it. Store it securely.
3. Configure API Permissions
Navigate to "API permissions" in the left-hand menu.
Click on "Add a permission".
Select "Microsoft Graph".
Choose "Delegated permissions".
Select the following permissions:
openidprofileemail
Click "Add permissions".
4. Provide Configuration Details to Legartis
Please send the following information to the Legartis support team at [email protected] to complete the integration:
Application (client) ID: Found on your app's Overview page.
Directory (tenant) ID: Also found on your app's Overview page.
Client Secret: The secret value you copied earlier.
Discovery URL:
https://login.microsoftonline.com/{Directory (tenant) ID}/v2.0/.well-known/openid-configurationReplace
{Directory (tenant) ID}with your actual tenant ID.
5. Update Redirect URI
Once the Legartis team has configured your application on their side, they will provide you with the correct Redirect URI.
Wait for the Legartis team to send you the updated Redirect URI.
Navigate back to your app registration in Microsoft Entra.
Go to "Authentication" in the left-hand menu.
Under "Redirect URIs", click on "Add a platform" if you haven't added one yet, or edit the existing Web platform.
Update the Redirect URI to the one provided by Legartis.
Click "Save".
6. Test the SSO Integration
Go to the Legartis application login page: https://app.legartis.ai.
Enter your company identifier on the login page. If you don't know it, contact Legartis support.
Click on the "Login" button.
You will be redirected to your Microsoft Entra ID sign-in page.
Log in using your Microsoft Entra credentials.
Upon successful authentication, you should be redirected back to Legartis and logged in.
Troubleshooting
Authentication Errors: Double-check that the Redirect URI in Microsoft Entra matches exactly with the one provided by Legartis.
Permission Issues: Ensure that the required API permissions (
openid,profile,email) are granted and that admin consent has been provided if necessary.
Support
If you encounter any issues during the setup process, please contact the Legartis support team at [email protected].