How to set up Entra ID for Frends

We strongly recommend using your own Entra ID (Azure AD authentication) to manage your Frends users.

The following steps explain how to get started.

Requirements

In order to set up Entra ID for Frends login, you will need access to Azure Portal to manage your Entra ID, in order to set up an app registration there.

You will also need administrator rights to your Frends Tenant in order to create the OpenID Connect Application.

Alternatively, you can provide this guide and the mentioned details to your Azure and/or Frends administrators to set up the flow.

Set Up an Application in Azure

First, you will need to set up the application in the Azure instance where the users you wish to authenticate are registered.

You can additionally follow the instructions from Microsoft, along with this guide.

Create an Application

Go to Azure Portal using an account that can register new applications in the directory, and go to Microsoft Entra ID > Manage > App registrations, and click New registration.

Give the app a unique name, and choose suitable supported account type. By default the top option gives access to company's users in single tenant configuration.

Application and Tenant ID

Find your newly created application and go to its Overview page, if you didn't land on it by default. Copy the values of these fields and save them for use.

• Application (client) ID

• Directory (tenant) ID

Enable ID Tokens

To use the authentication you need to set the response from the application to contain an ID token. When viewing the created App registration, you can access the authentication options by navigating to Manage > Authentication and selecting Add a platform.

When setting up the platform, choose the platform type as Web, and click next.

Configuring the platform includes setting up the Redirect and Logout URLs as well as selecting ID Tokens to be issued.

Redirect URI

Starting with Frends 5.7, the Redirect URI must include an OIDC suffix: signin-oidc-[Application ID].

Example (Frends 5.6 or earlier):

• Redirect URI: https://myfrendstenant.frendsapp.com

Updated Redirect URI for Frends 5.7+:

• Redirect URI: https://myfrendstenant.frendsapp.com/signin-oidc-3e89b538-f75c-42b5-96f1-402f1ac0a549

Use the earlier saved Application ID here instead of the example value.

Logout URL

Set the Logout URL to https://<myfrendstenant>.frendsapp.com/Account/SignOut , replacing the Tenant's name with your specific Frends Tenant.

Redirect URI for migrating from old Frends version

If you are currently using older Frends version, but plan on migrating to 5.7 or later, you can add the new URI in advance as an additional URI to the App Registration to ensure functionality before and after the update.

Configure Frends

For Frends to be able to use the Entra ID Application the following information is needed from the registered Application in Azure:

• Application ID: e.g. 50549e93-99dd-4690-9948-3c8ec076ddfb

• Tenant: e.g companyname.onmicrosoft.com (Check Azure domain address for example in https://portal.azure.com/#settings/directory)

Navigate to Administration -> User Management -> OpenId, and click on Create new application.

Insert the vales like in the example, replacing them with your specific values from Azure Portal, Frends Tenant and who should be the administrators.

If you are setting up the authentication for Frends versions before 5.7, the OpenID settings might look like the following. Follow the tooltips and the values from the new version for examples on the values to be used.