RoadmapFrends

How to set up Entra ID for Frends

How to set up your own Entra ID for logging in to Frends.

We strongly recommend using your own Entra ID (Azure AD authentication) to manage your Frends users.

The following steps explain how to get started.

Requirements

In order to set up Entra ID for Frends login, you will need access to Azure Portal to manage your Entra ID, in order to set up an app registration there.

You will also need administrator rights to your Frends Tenant in order to create the OpenID Connect Application.

Alternatively, you can provide this guide and the mentioned details to your Azure and/or Frends administrators to set up the flow.

Set Up an Application in Azure

First, you will need to set up the application in the Azure instance where the users you wish to authenticate are registered.

You can additionally follow the instructions from Microsoft, along with this guide.

Create an Application

Go to Azure Portal using an account that can register new applications in the directory, and go to Azure Active Directory > App registrations, and click New registration.

Creating a new app registration in Azure.

Give the app a unique name. We will come back later to set the Redirect URI, once we know the Application ID for this App registration.

Initial settings for app registration.

Enable ID Tokens

To use the authentication you need to set the response from the application to contain an ID token. This can be done by navigating to Manage > Authentication and enabling the ID tokens (used for implicit and hybrid flows) option. Remember to click Save.

Access tokens are required to be set up here.

Application and Tenant ID

Find your newly created application and go to its Overview page. Copy the values of these fields and save them for use.

  • Application (client) ID

  • Directory (tenant) ID

Take note of these values for adding the registration to Frends later.

Redirect URI

Still in the Azure portal, go to Manage → Authentication and modify the created App Registration's Redirect URI.

Starting with Frends 5.7, the Redirect URI must include an OIDC suffix: signin-oidc-[Application ID].

Example (Frends 5.6 or earlier):

  • Redirect URI: https://myfrendstenant.frendsapp.com

Updated Redirect URI for Frends 5.7+:

  • Redirect URI: https://myfrendstenant.frendsapp.com/signin-oidc-3e89b538-f75c-42b5-96f1-402f1ac0a549

Use the earlier saved Application ID here instead of the example value.

If you are currently using older Frends version, but plan on migrating to 5.7 or later, you can add the new URI in advance as an additional URI to the App Registration to ensure functionality before and after the update.

Example values for new Frends versions.

Configure Frends

For Frends to be able to use the AD Application the following information is needed from the registered Application in Azure:

Navigate to Administration -> User Management -> OpenId, and click on Create new application.

Insert the vales like in the example, replacing them with your specific values from Azure Portal, Frends Tenant and who should be the administrators.

Example values for an OpenID application registration.

If you are setting up the authentication for Frends versions before 5.7, the OpenID settings might look like the following. Follow the tooltips and the values from the new version for examples on the values to be used.

Example of Frends 5.6 OpenID settings.
PreviousHow to use OAuth Client Credentials for Frends APINextCreating new Environments & Agent Groups

Last updated

Was this helpful?