Setting up single sign-on in Qvalia using Entra ID, formerly Azure Active Directory. Technical experience and admin permissions are required.
SSO for your Qvalia account is configured using Entra ID. SSO will be enabled for all Qvalia users in your organization.
Register a new client
- Browse to the App registrations menu and open the create dialog to create a new app.
- Give the application a name and choose who should be able to log in (Single-Tenant).
- Choose "Web" in the redirect URI field and add the URL:
https://qvalia-xsmzae.zitadel.cloud/ui/login/login/externalidp/callback
- Save the Application (client) ID and the Directory (tenant) ID from the detail page.
Add client secret
- Generate a new client secret to authenticate your user.
- Click on client credentials on the detail page of the application or use the menu "Certificates & secrets".
- Click on "+ New client secret", enter a description and an expiry date, then add the secret.
- Copy the value of the secret. You will not be able to see the value again after some time.
Token configuration
- Click on Token configuration in the side menu.
- Click on "+ Add optional claim".
- Add email, family_name, given_name and preferred_username to the ID token.
API permissions
- Go to "API permissions" in the side menu.
- Make sure the permissions include "Microsoft Graph": email, profile and User.Read
- The "Other permissions granted" should include "Microsoft Graph: openid"
Final step
Send the following credentials to Qvalia:
- Application (client) ID
- Directory (tenant) ID
- Client secret
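Before sending these values, the registration can be checked against the steps above. The following is an added example, not Qvalia's or Microsoft's code: it audits an application object in the JSON shape returned by `az ad app show` (Microsoft Graph application resource) for single-tenant sign-in, the callback URL, the four ID token claims and an unexpired secret. The function names and the sample object are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Callback URL and claim names are the ones given in the steps above.
REDIRECT_URI = "https://qvalia-xsmzae.zitadel.cloud/ui/login/login/externalidp/callback"
REQUIRED_CLAIMS = {"email", "family_name", "given_name", "preferred_username"}

def _expiry(secret):
    # Graph timestamps are UTC; keep the seconds-resolution part only.
    stamp = datetime.strptime(secret["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
    return stamp.replace(tzinfo=timezone.utc)

def audit_app(app, now):
    """Return findings for one application object; an empty list matches the guide."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # single-tenant value
        findings.append("not single-tenant")
    uris = (app.get("web") or {}).get("redirectUris") or []
    if REDIRECT_URI not in uris:
        findings.append("callback URL missing")
    extra = [u for u in uris if u != REDIRECT_URI]
    if extra:
        findings.append("unexpected redirect URIs: " + ", ".join(extra))
    id_claims = (app.get("optionalClaims") or {}).get("idToken") or []
    missing = sorted(REQUIRED_CLAIMS - {c.get("name") for c in id_claims})
    if missing:
        findings.append("missing id token claims: " + ", ".join(missing))
    secrets = app.get("passwordCredentials") or []
    if not any(_expiry(s) > now for s in secrets):
        findings.append("no unexpired client secret")
    return findings

# Constructed sample (not real output): a registration that deviates from the guide.
SAMPLE = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": ["https://example.invalid/callback"]},
  "optionalClaims": {"idToken": [{"name": "email"}, {"name": "given_name"}]},
  "passwordCredentials": [{"displayName": "qvalia-sso", "endDateTime": "2024-01-01T00:00:00Z"}]
}""")

if __name__ == "__main__":
    for finding in audit_app(SAMPLE, datetime.now(timezone.utc)):
        print("FINDING:", finding)
```

The secret value itself never appears in this object; only its description and expiry date are returned.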