Set up Microsoft Entra ID for SSO

Set up your single sign-on using Microsoft Entra ID, previously known as Azure Active Directory, to enable authentication for users in your organization. For successful set-up, complete the process in the order laid out below.

Prerequisites

  • Access to the Azure Portal: Microsoft Azure

  • Administrative privileges to configure Microsoft Entra ID

  • Permissions to register applications and manage API permissions

Access Microsoft Entra ID

  1. Sign in to the Azure Portal: Microsoft Azure.

  2. Go to Microsoft Entra ID, previously known as Azure Active Directory.

  3. Configure Microsoft Entra ID for your account.

    If Entra ID is already set up for your organization, go to Register an application in Microsoft Entra ID.

Register an application in Microsoft Entra ID

  1. Open Microsoft Entra ID in the Azure Portal.

  2. Select + Add > App Registration.

    The Register an application page opens.

  3. In the Name field, enter the organization name.

  4. Under Supported account types, select your preferred option.

    The default is Accounts in this organizational directory only.

  5. Under Redirect URI (optional), select Web from the Select a platform dropdown menu.

  6. Go to the URL input field and enter https://invest.highbond.com/auth/entra/callback/

  7. Select Register.

  8. From the side navigation bar select Manage > Authentication.

  9. Go to the Front-channel logout URL input field and enter https://invest.highbond.com/auth/entra/logout/

  10. Select Save.

Configure client credentials

  1. From the side navigation bar select Certificates & secrets.

  2. In the Client secrets tab select + New client secret.

    The Add a client secret panel opens.

  3. In the Description input field enter the name.

  4. Select the period for expiry from the Expires dropdown menu.

  5. Select Add.

    Your application password is created.

    Important

    Make sure you copy and securely store the Secret ID as you will need it later.

  6. To save the Secret ID, select the Copy to clipboard icon.

  7. Paste to a safe location for later reference.

Assign API permissions

  1. From the side navigation bar select API permissions.

  2. Select + Add a permission.

    The Request API permissions panel opens.

  3. Select Microsoft Graph > Delegated permissions.

  4. Select the preferred permissions.

  5. Scroll to the bottom of the page and select Add permissions.

Gather the required application details

  1. From the side navigation bar select Overview.

  2. Select Essentials to expand the view.

  3. Copy the credentials from Application (client) ID and Directory (tenant) ID, and save with your Secret ID credentials.
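
Before entering these values in Invest, you can check that the registration matches the steps above. The following Python check is an added example, not part of the original instructions or of any vendor tooling. It assumes the app registration has been exported as JSON in the Microsoft Graph application format; the sample record, the audit_registration function name and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# URLs taken from the steps on this page.
REDIRECT_URI = "https://invest.highbond.com/auth/entra/callback/"
LOGOUT_URL = "https://invest.highbond.com/auth/entra/logout/"

# Constructed sample of an app registration in the Microsoft Graph
# application format; the IDs, names and dates are made up.
SAMPLE_APP = json.loads("""
{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "Example Org",
  "signInAudience": "AzureADMyOrg",
  "web": {
    "redirectUris": ["https://invest.highbond.com/auth/entra/callback"],
    "logoutUrl": "https://invest.highbond.com/auth/entra/logout/"
  },
  "passwordCredentials": [{"displayName": "invest-sso", "endDateTime": "2025-07-01T00:00:00Z"}]
}
""")

def audit_registration(app, now, warn_days=30):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    web = app.get("web", {})
    # The callback on this page ends with "/"; compare exact strings so a dropped slash is reported.
    if REDIRECT_URI not in web.get("redirectUris", []):
        findings.append("redirect URI missing or not an exact match")
    if web.get("logoutUrl") != LOGOUT_URL:
        findings.append("front-channel logout URL mismatch")
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("sign-in audience differs from the single-directory default")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret configured")
    for cred in secrets:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        name = cred.get("displayName") or "(unnamed)"
        if end <= now:
            findings.append(f"client secret '{name}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{name}' expires within {warn_days} days")
    return findings

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```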

Configure SSO in Invest

  1. Sign in to Diligent Equity Invest.

  2. Go to your profile in the toolbar, and from the dropdown menu, select Admin.

    Your admin dashboard opens.

  3. Select the Integrations tab.

    The Edit Identity panel opens.

  4. Under SSO mode, select Entra from the dropdown menu.

  5. Open the location with your saved secret and application credentials.

  6. In the Entra tenant ID field, enter your saved Directory (Tenant) ID credentials.

  7. In the Entra client ID field, enter your saved Application (Client) ID credentials.

  8. In the Entra client secret field, enter your saved Secret ID credentials.

  9. Select Save.

Verify SSO access

  • After the set-up is complete, users with existing accounts in Microsoft Entra ID and allowed email domains can sign in to Diligent Equity Invest using SSO.