General
The Entra ID connection is part of the Famedly Enterprise offer. To be able to setup a SSO Flow between Famedly and your Entra ID Tenant please contact [email protected]. This guide should show you what steps are required to setup the connection.
Register a new client
You need to register Famedly as a new client. This can be done following these steps:
- Browse to the App registration menus create dialog to create a new app.
- Name the app (f.ex. Famedly) and choose who should be able to login (Single-Tenant, Multi-Tenant, Personal Accounts, etc.) This setting will also have an impact on how we need to configure Famedly, so this information needs to be shared later.
- Choose "Web" in the redirect uri field and paste this URL:
https://auth.famedly.de/ui/login/login/externalidp/callback
- Store the ClientID and TenantID from the details page as these information need to be shared with us.
- Register the application
Generate client secret
Generate a new client secret which we can use to authenticate the users following these steps:
- Click on client credentials on the detail page of the application or use the menu Certificates & secrets.
- Click on
+ New client secretand enter a description and an expiry date, add the secret afterwards
- Store the value of the Client Secret. You will not be able to see the value again after some time, however you need to share it with us.
Token configuration
To allow us to get the information from the authenticating user you have to configure what kind of optional claims should be returned in the token.
- Click on Token configuration in the side menu
- Click on
+ Add optional claim
- Add
email,family_name,given_nameandpreferred_usernameto the id token
API permissions
To make sure we can request all necessary information, you have to configure the correct permissions.
- Go to "API permissions" in the side menu
- Make sure the permissions include "Microsoft Graph": email, profile and User.Read
- The "Other permissions granted" should include "Microsoft Graph: openid"
Information required by Famedly
To be able to configure Famedly, please provide the following information
- Name of your IDP
- Client ID
- Client Secret
- Tenant ID
- Tenant Type
If you use an existing authentication procedure of your organisation for the login of users or if this is made possible by us as a provider, please note the following:
In this case, the responsibility for the security of user authentication lies with your organisation. Please ensure that the procedure used meets the current security requirements and is regularly maintained.
It must also be ensured that the authentication procedure is fully under the control of your organisation. In particular, this means that authentication means (e.g. passwords, tokens, certificates) can be managed by your organisation and blocked if necessary.
These requirements are necessary to ensure secure and traceable authentication of your users.