Configure Authentication with Microsoft Entra ID

This document assumes you are using the Smallstep Agent to manage credentials on your endpoints. It also assumes that you have reached out to Smallstep Support to set this up, and you’ve been issued an OAuth Client ID from Smallstep that you’ll configure inside Entra ID.

Register an application

  1. In the Azure portal search bar, search for "App registrations" and select it
  2. Click "New Registration"
  3. Fill in the required details:
       - For Platform, select "Web"
       - For Redirect URI, enter: https://{your-team-slug}.id.smallstep.com/authorize
  4. Click "Register"
     Note: Save the Application ID for future use.


API permissions: Add API permissions for the application

  1. Choose API Permissions for your newly created app
  2. Choose Add a permission
  3. Choose Microsoft Graph
  4. Choose Delegated permissions
  5. Select openid and profile from the list
  6. Choose Add permissions
  7. Once permissions are added, click on "Grant admin consent for {org-name}"
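
To confirm the registration matches the steps above, the following added example (not part of Smallstep's or Microsoft's documentation) audits the application object as exported in JSON, for instance with `az ad app show --id <application-id>`. The team slug `example-team` and the sample object are constructed, and treating any redirect URI or permission beyond the ones in this document as a finding is an assumption of this example.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource app ID
REQUIRED_SCOPES = {  # delegated permission IDs published by Microsoft Graph
    "openid": "37f7f235-527c-4136-accd-4a02d197296e",
    "profile": "14dad69e-099b-42c9-810b-d002981feec1",
}

def audit_registration(app: dict, team_slug: str) -> list[str]:
    """Return findings; an empty list means the object matches the documented steps."""
    findings = []
    expected = f"https://{team_slug}.id.smallstep.com/authorize"
    web_uris = (app.get("web") or {}).get("redirectUris") or []
    if expected not in web_uris:
        findings.append(f"missing Web redirect URI {expected}")
    findings += [f"unexpected Web redirect URI {u}" for u in web_uris if u != expected]
    # A URI registered under another platform does not satisfy the "Web" step.
    for platform in ("spa", "publicClient"):
        if expected in ((app.get(platform) or {}).get("redirectUris") or []):
            findings.append(f"redirect URI registered under {platform}, not web")
    granted = {
        (res.get("resourceAppId"), acc.get("id"), acc.get("type"))
        for res in app.get("requiredResourceAccess") or []
        for acc in res.get("resourceAccess") or []
    }
    wanted = {(GRAPH_APP_ID, sid, "Scope") for sid in REQUIRED_SCOPES.values()}
    for name, scope_id in REQUIRED_SCOPES.items():
        if (GRAPH_APP_ID, scope_id, "Scope") not in granted:
            findings.append(f"missing delegated Microsoft Graph permission {name}")
    # Anything beyond openid and profile is reported for least-privilege review.
    for app_id, perm_id, kind in sorted(granted - wanted, key=str):
        findings.append(f"extra permission {perm_id} ({kind}) on {app_id}")
    return findings

# Constructed sample: profile is missing, one extra scope and one extra redirect URI.
SAMPLE = json.loads("""
{"web": {"redirectUris": ["https://example-team.id.smallstep.com/authorize",
                          "http://localhost:8080/callback"]},
 "requiredResourceAccess": [{
   "resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [
     {"id": "37f7f235-527c-4136-accd-4a02d197296e", "type": "Scope"},
     {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"}]}]}
""")

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, "example-team"):
        print(finding)
```

Admin consent (step 7) is not recorded on the application object, so this check does not cover it.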
