add-application-portal-setup-oidc-sso.md

File metadata and controls

54 lines (36 loc) · 3.34 KB
title: Add an OpenID Connect-based single sign-on application
description: Learn how to add an OpenID Connect-based single sign-on application in Microsoft Entra ID.
author: omondiatieno
manager: CelesteDG
ms.service: entra-id
ms.subservice: enterprise-apps
ms.topic: concept-article
ms.date: 05/22/2024
ms.author: jomondi
ms.reviewer: ergreenl
ms.custom: enterprise-apps

Add an OpenID Connect-based single sign-on application

Add an application that supports OpenID Connect (OIDC) based single sign-on (SSO) to your Microsoft Entra tenant.

We recommend you use a nonproduction environment to test the steps in this page.


Prerequisites

To configure OIDC-based SSO, you need:

  • A Microsoft Entra user account. If you don't already have one, you can Create an account for free.
  • One of the following roles: Cloud Application Administrator, Application Administrator, or owner of the service principal.

Add the application

When you add an enterprise application that uses the OIDC standard for SSO, you select a setup button. When you select the button, you complete the sign-up process for the application.

To configure OIDC-based SSO for an application:

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.

  2. Browse to Identity > Applications > Enterprise applications > All applications.

  3. In the All applications pane, select New application.

  4. The Browse Microsoft Entra Gallery pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Applications listed in the Featured applications section have icons indicating whether they support federated SSO and provisioning. Search for and select the application. In this example, SmartSheet is being used.

  5. Select Sign-up. Sign in with the user account credentials from Microsoft Entra ID. If you already have a subscription to the application, then user details and tenant information are validated. If the application isn't able to verify the user, then it redirects you to sign up for the application service.

    :::image type="content" source="media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png" alt-text="Complete the consent screen for an application." lightbox="media/add-application-portal-setup-oidc-sso/oidc-sso-configuration.png":::

  6. Select Consent on behalf of your organization and then select Accept. The application is added to your tenant and the application home page appears. To learn more about user and admin consent, see Understand user and admin consent.
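After step 6 grants consent for the whole organization, it is worth checking which delegated scopes that consent covered. The following is an added example, not part of the original article or Microsoft's own code: it reviews records shaped like Microsoft Graph `oauth2PermissionGrant` objects, and the sample records, their IDs, and the sign-in-only scope baseline are constructed assumptions.

```python
import json

# Assumption: scopes an app needs for OIDC sign-in only (compared case-insensitively).
# Adjust this baseline to your tenant's policy.
SIGN_IN_SCOPES = {"openid", "profile", "email", "offline_access", "user.read"}

# Constructed sample shaped like GET /v1.0/oauth2PermissionGrants results.
# All IDs are placeholders, not real object IDs.
SAMPLE_GRANTS = [
    {"id": "grant-1", "clientId": "sp-example-app", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-microsoft-graph",
     "scope": "openid profile email User.Read Files.ReadWrite.All"},
    {"id": "grant-2", "clientId": "sp-example-app", "consentType": "Principal",
     "principalId": "user-1", "resourceId": "sp-microsoft-graph",
     "scope": "Mail.Read"},
    {"id": "grant-3", "clientId": "sp-other-app", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-microsoft-graph",
     "scope": " openid profile "},
]

def review_grants(grants, client_id):
    """Summarize delegated permission grants held by one service principal."""
    findings = []
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue
        # 'scope' is a space-delimited string and may be empty or padded.
        scopes = (grant.get("scope") or "").split()
        extra = sorted(s for s in scopes if s.lower() not in SIGN_IN_SCOPES)
        # AllPrincipals means an admin consented on behalf of every user.
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        if not extra:
            severity = "ok"
        elif tenant_wide:
            severity = "high"      # broad scope granted for the whole tenant
        else:
            severity = "medium"    # broad scope granted for a single user
        findings.append({
            "grant_id": grant.get("id"),
            "resource_id": grant.get("resourceId"),
            "tenant_wide": tenant_wide,
            "extra_scopes": extra,
            "severity": severity,
        })
    return findings

if __name__ == "__main__":
    for finding in review_grants(SAMPLE_GRANTS, "sp-example-app"):
        print(json.dumps(finding))
```
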

Next steps

Learn more about planning a single sign-on deployment.

Plan single sign-on deployment