# How to set up Entra ID for Frends

We strongly recommend using your own Entra ID (Azure AD authentication) to manage your Frends users.

The following steps explain how to get started.

## Requirements

To set up Entra ID for Frends login, you need access to the Azure Portal to manage your Entra ID and create an app registration there.

You will also need administrator rights to your Frends Tenant in order to create the OpenID Connect Application.

Alternatively, you can provide this guide and the mentioned details to your Azure and/or Frends administrators to set up the flow.

## Set Up an Application in Azure

First, you will need to set up the application in the Azure instance where the users you wish to authenticate are registered.

[You can additionally follow the instructions from Microsoft](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications), along with this guide.

### Create an Application <a href="#h_0561de7c02" id="h_0561de7c02"></a>

Sign in to the Azure Portal with an account that can register new applications in the directory, go to **Microsoft Entra ID > Manage > App registrations**, and click **New registration**.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FR7qmBrU98xiXCIh1Mxf7%2Fscreenshot-rocks%20(68).png?alt=media&#x26;token=b3abdd4a-ac4f-4524-9078-f40dd281ff3f" alt=""><figcaption><p>Creating a new app registration in Azure.</p></figcaption></figure>

Give the app a unique name and choose a suitable supported account type. By default, the top option gives access to the company's users in a single-tenant configuration.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FChQte9BnqeRAd0Hk6HhB%2Fscreenshot-rocks%20(90).png?alt=media&#x26;token=ef75f536-b137-48af-a2ff-ef17bb701dfd" alt=""><figcaption><p>Initial settings for app registration.</p></figcaption></figure>

### Application and Tenant ID

Find your newly created application and go to its **Overview** page, if you didn't land on it by default. Copy the values of these fields and save them for use.

* Application (client) ID
* Directory (tenant) ID

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FyyxGHrGSZBnflbX3H6W3%2Fscreenshot-rocks%20(69).png?alt=media&#x26;token=e6dfb9cc-3cd7-4b95-9bc1-8293fc7a7bc8" alt=""><figcaption><p>Take note of these values for adding the registration to Frends later.</p></figcaption></figure>

### Enable ID Tokens <a href="#h_bd41a7a518" id="h_bd41a7a518"></a>

To use the authentication, the response from the application must contain an ID token. When viewing the created App registration, open the authentication options by navigating to **Manage > Authentication** and selecting **Add a platform**.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FeauItFAYK3phq4yGUix5%2Fscreenshot-rocks%20-%202025-10-03T115728.918.png?alt=media&#x26;token=2fd578b3-86df-4358-9190-ac11b0907e2f" alt=""><figcaption><p>Access tokens are required to be set up within a platform.</p></figcaption></figure>

When setting up the platform, choose the platform type as **Web**, and click next.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2F7kEmfVKBiJFcLgrMJ0fC%2Fscreenshot-rocks%20-%202025-10-03T121247.553.png?alt=media&#x26;token=853d0a3a-658b-4e08-9b35-f303a915d12f" alt=""><figcaption><p>Choose Web as the platform type.</p></figcaption></figure>

Configuring the platform includes setting up the Redirect and Logout URLs as well as selecting ID Tokens to be issued.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FGWlInSWISjbWEoH0SEvq%2Fscreenshot-rocks%20-%202025-10-03T120652.458.png?alt=media&#x26;token=3e8be313-9dcb-4ab2-81a0-5a139c051d5c" alt=""><figcaption><p>Setting the URIs and ID Token generation.</p></figcaption></figure>

### Redirect URI

Starting with Frends 5.7, the Redirect URI must include an OIDC suffix: `signin-oidc-[Application ID]`.

Example (Frends 5.6 or earlier):

* Redirect URI: `https://myfrendstenant.frendsapp.com`

Updated Redirect URI for Frends 5.7+:

* Redirect URI: `https://myfrendstenant.frendsapp.com/signin-oidc-3e89b538-f75c-42b5-96f1-402f1ac0a549`

Use the earlier saved **Application ID** here instead of the example value.

{% hint style="warning" %}
**Use your own Application ID**, obtained from Azure Portal for your Application registration, instead of the example value. The example value will not work for you.
{% endhint %}

### Logout URL

Set the Logout URL to `https://<myfrendstenant>.frendsapp.com/Account/SignOut`, replacing `<myfrendstenant>` with the name of your Frends Tenant.

### Redirect URI for migrating from old Frends version

If you are currently using an older Frends version but plan to migrate to 5.7 or later, you can add the new URI in advance **as an additional URI** to the App Registration to ensure functionality before and after the update.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FvTw6rF9SBTpDmXfLqXlT%2Fscreenshot-rocks%20-%202025-10-03T120836.209.png?alt=media&#x26;token=0fff980f-b2c5-4e21-b9d1-b0b72a3a174c" alt=""><figcaption><p>Example values for migration from old Frends version.</p></figcaption></figure>
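
To verify a registration against the values in this guide, the following added example (not part of the Frends documentation) checks an app registration object, such as the JSON printed by `az ad app show --id <Application ID>`, for the redirect URIs, Logout URL and ID token setting described above. The field names follow the Microsoft Graph application resource; the function names and the sample object are constructed for illustration.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def expected_urls(tenant_host, app_id, migrating=False):
    """Redirect URIs and Logout URL this guide prescribes (hypothetical helper)."""
    if not GUID.match(app_id):
        raise ValueError(f"not an Application (client) ID: {app_id!r}")
    base = f"https://{tenant_host}"
    redirects = {f"{base}/signin-oidc-{app_id}"}   # Frends 5.7+
    if migrating:
        redirects.add(base)                        # Frends 5.6 or earlier
    return redirects, f"{base}/Account/SignOut"

def check_registration(app, tenant_host, migrating=False):
    """Compare an app registration object with the guide; return findings."""
    redirects, logout = expected_urls(tenant_host, app["appId"], migrating)
    web = app.get("web") or {}
    registered = set(web.get("redirectUris") or [])
    findings = [f"missing redirect URI: {u}" for u in sorted(redirects - registered)]
    # Exact string comparison; any other registered URI is reported for review.
    findings += [f"unexpected redirect URI: {u}" for u in sorted(registered - redirects)]
    if web.get("logoutUrl") != logout:
        findings.append(f"logout URL should be {logout}")
    grants = web.get("implicitGrantSettings") or {}
    if not grants.get("enableIdTokenIssuance"):
        findings.append("ID tokens are not enabled")
    return findings

# Constructed sample shaped like `az ad app show` output; the appId is the
# example value from this guide, not a working registration.
SAMPLE_APP = {
    "appId": "3e89b538-f75c-42b5-96f1-402f1ac0a549",
    "web": {
        "redirectUris": [
            "https://myfrendstenant.frendsapp.com",
            "https://localhost:5001/",
        ],
        "logoutUrl": "https://myfrendstenant.frendsapp.com/Account/SignOut",
        "implicitGrantSettings": {"enableIdTokenIssuance": False},
    },
}

if __name__ == "__main__":
    host = "myfrendstenant.frendsapp.com"
    for finding in check_registration(SAMPLE_APP, host, migrating=True):
        print(finding)
```

Pass `migrating=True` only while the pre-5.7 URI still needs to be registered; after the upgrade, run the check without it so the old URI is reported for removal.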

## Configure Frends <a href="#configure-frends" id="configure-frends"></a>

For Frends to be able to use the Entra ID Application, the following information is needed from the registered Application in Azure:

* Application ID: e.g. `50549e93-99dd-4690-9948-3c8ec076ddfb`
* Tenant: e.g. `companyname.onmicrosoft.com` (check the Azure domain address, for example at <https://portal.azure.com/#settings/directory>)

{% hint style="warning" %}
**Use your own Application ID**, obtained from Azure Portal for your Application registration, instead of the example value. The example value will not work for you.
{% endhint %}

Navigate to **Administration -> User Management -> OpenId**, and click on **Create new application**.

Insert the values as in the example, replacing them with your specific values from the Azure Portal, your Frends Tenant, and the users who should be the administrators.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2F4QuihkMfx9IZotZBA08a%2Fscreenshot-rocks%20(91).png?alt=media&#x26;token=1bce0ca7-2f43-478c-9790-32987b2a5730" alt=""><figcaption><p>Example values for an OpenID application registration.</p></figcaption></figure>

If you are setting up the authentication for Frends versions before 5.7, the OpenID settings might look like the following. Use the tooltips and the values shown for the new version as examples of the values to enter.

<figure><img src="https://4223974572-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0p415NUmUmiF4ayjI81L%2Fuploads%2FgArTtagl999zeUyS2BkA%2Fimage.png?alt=media&#x26;token=d7f548e5-3bda-4c09-8850-d171ffdd6b16" alt=""><figcaption><p>Example of Frends 5.6 OpenID settings.</p></figcaption></figure>
