How to Setup Microsoft Entra ID Authentication on a Switchboard

  Version 6.0

Applies to Platform: Switchboard 6.8.x
Last update: 24 Apr 2025


A major new feature of the Endian Switchboard in 6.8.x is support for single sign-on (SSO) authentication, using the OAuth 2.0 protocol for users to sign in to the platform. This includes support for just-in-time (JIT) provisioning, which means users are both authorized with the proper permissions and onboarded to the platform. A user who has never logged in to the Switchboard will be able to do so, provided he/she has the proper permissions and onboarding rules. In addition, the permissions and rules are checked on every subsequent login attempt, which ensures changes are always synced and makes user and permission management more efficient.

Requirements

Before you begin you will need the following in order to complete this process:

  1. Microsoft Entra ID account with administrative policies or sufficient permission to create/manage a new app registration. You can learn more about Entra ID roles here.

  2. An Endian Switchboard that is already set up and accessible on a public IP or FQDN.

  3. An account with administrative access on the Endian Switchboard.

Setup Microsoft Entra ID App

Log in to your Microsoft Entra ID account by going to https://entra.microsoft.com

Go to Identity > Applications > App registrations and select New registration

  1. Name:  Give your app a descriptive name
  2. Supported account types:  Choose either the Single tenant or the Multitenant option (the other options are not currently supported)
  3. Redirect URI:  You can leave this blank for now as you will come back later to fill this field
  4. Click Register to create the app

Copy the App Info

Once done, you should be on the application Overview page, where you should make a note of (or copy) the following values for this application:

  1. Application (Client) ID
  2. Directory (Tenant) ID

Create Client Secret

In the application overview page, select Certificates & secrets and click New client secret

  1. Description:  Enter a descriptive name for this secret
  2. Expires:  Select an expiration date for when this secret expires
  3. Click Add to add the secret. A new window will appear to display the secret value and you must copy, save and/or print this value before you close the window.
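The expiration date chosen here decides when SSO sign-in stops working unless the secret is replaced in the Switchboard first. The check below is an added example, not part of Endian's or Microsoft's tooling: it reads the passwordCredentials list of a Microsoft Graph application object and reports how long each secret has left. SAMPLE_APP and its values are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the secret-related fields of a Microsoft Graph
# application object (GET /applications/{object-id}). All values are made up.
SAMPLE_APP = {"passwordCredentials": [
    {"displayName": "switchboard-2024", "hint": "Ab1",
     "endDateTime": "2025-04-01T00:00:00Z"},
    {"displayName": "switchboard-2025", "hint": "Zx9",
     "endDateTime": "2025-10-14T09:47:51.1234567Z"},
]}

def parse_graph_time(value):
    """Parse a Graph UTC timestamp, ignoring any fractional seconds."""
    match = re.match(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}", value)
    if not match:
        raise ValueError(f"unexpected timestamp: {value!r}")
    parsed = datetime.strptime(match.group(0), "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30):
    """One row per client secret, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        days_left = (parse_graph_time(cred["endDateTime"]) - now).days
        state = ("expired" if days_left < 0
                 else "expiring" if days_left <= warn_days else "ok")
        rows.append({"name": cred.get("displayName"), "hint": cred.get("hint"),
                     "state": state, "days_left": days_left})
    return sorted(rows, key=lambda row: row["days_left"])

def configured_secret(app, secret_prefix, now, warn_days=30):
    """Status of the secret stored in Switchboard, matched on Graph's 'hint'
    (the first three characters of the secret value); None if no match."""
    for row in secret_status(app, now, warn_days):
        if row["hint"] == secret_prefix[:3]:
            return row
    return None
```

Only the first three characters of the secret are needed for the match, so the full value never has to be passed to a monitoring job.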

Add Application API Permissions

In the application overview page, select API permissions and click Add a permission.

  • Choose Microsoft Graph
  • Then select Application permissions and add the following scopes:
      • User.Read.All
      • Group.Read.All
      • Directory.Read.All
      • Application.Read.All

Add Delegated API Permissions

In the application overview page, select API permissions and click Add a permission.

  • Choose Microsoft Graph
  • Then select Delegated permissions and add the following scopes:
      • User.Read.All
      • Group.Read.All

Finally, click Grant admin consent to approve on behalf of all users.


Setup Switchboard Configuration

In the Switchboard Administration web interface (https://<green ip>:10443) navigate to Authentication > Providers and click the New provider button

  1. Connection Type:  Select OAuth/OpenID
  2. OAuth Provider:  Select Entra ID
  3. Click Setup connection to proceed to the next step

  1. Name:  Enter a descriptive name for the connection
  2. Application (client) ID:  Enter the application (client) ID from the Entra ID App Overview page
  3. Tenant ID:  Enter the directory (tenant) ID from the Entra ID App Overview page
  4. Client Secret:  Enter the client secret generated from the Certificates and secrets page
  5. Click Create in order to validate the connection. You should see a success message if everything is entered correctly; otherwise you will get a failure message where you can then correct the issue.
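When Create reports a failure, it helps to know which of the three values is wrong. The following is an added example, not Endian's code: it checks the values for common copy/paste mistakes, builds the OAuth 2.0 client-credentials request that Entra ID's token endpoint accepts for Microsoft Graph, and maps the endpoint's reply to the field or consent that needs fixing. Whether the Switchboard sends this same request when it validates the connection is an assumption; the function names and SAMPLE_ERROR are constructed.

```python
import base64
import json
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Application permissions this article asks you to grant.
REQUIRED_ROLES = {"User.Read.All", "Group.Read.All",
                  "Directory.Read.All", "Application.Read.All"}
# Entra ID token-endpoint error codes and the form field each one points to.
FIELD_BY_CODE = {
    90002: "Tenant ID (tenant not found)",
    700016: "Application (client) ID (app not found in this tenant)",
    7000215: "Client Secret (wrong value)",
    7000222: "Client Secret (expired)",
}
# Constructed reply, shaped like the token endpoint's JSON error body.
SAMPLE_ERROR = {"error": "invalid_client", "error_codes": [7000215]}

def lint_inputs(tenant_id, client_id, client_secret):
    """Catch copy/paste mistakes before any request is sent."""
    problems = []
    if not GUID.match(tenant_id.strip()):
        problems.append("Tenant ID is not a GUID")
    if not GUID.match(client_id.strip()):
        problems.append("Application (client) ID is not a GUID")
    if GUID.match(client_secret.strip()):
        problems.append("Client Secret looks like the Secret ID, not the Value")
    if client_secret != client_secret.strip():
        problems.append("Client Secret has leading or trailing whitespace")
    return problems

def token_request(tenant_id, client_id, client_secret):
    """URL and form body of the client-credentials request for Microsoft Graph."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return url, form

def diagnose(response):
    """Turn the token endpoint's JSON reply into the field or consent to fix."""
    if "access_token" in response:
        body = response["access_token"].split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        missing = sorted(REQUIRED_ROLES - set(claims.get("roles", [])))
        return "missing admin consent: " + ", ".join(missing) if missing else "ok"
    for code in response.get("error_codes", []):
        if code in FIELD_BY_CODE:
            return "check " + FIELD_BY_CODE[code]
    return "unrecognised error: " + str(response.get("error", "unknown"))
```

The roles claim of an app-only token lists only the application permissions that have received admin consent, so a non-empty "missing" result points back to the Grant admin consent step.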


Map the Provider to the Service

Navigate to Authentication > Services and click edit on the Switchboard service



Select the OAuth tab and select Add OAuth provider

  1. Select the Entra ID provider you previously created by clicking the button
  2. Click Continue to save your selection

Configure the Callback URI

You should be directed back to the Edit Switchboard service page. Here you can click the Copy callback URI button to copy the URL into your clipboard automatically.

 

Once done, you then need to go back to your Entra ID admin page to enter this value in order for the app to know where to redirect the client after authentication. From the App Overview page, you can click the Add a Redirect URI link.

Next, paste the Callback URI value copied from the Endian Services page.

 

Validate a Successful Login

At this point, you can now access the Switchboard portal and attempt to sign in using Entra ID as your authentication mechanism. The proper flow is displayed below in the image.

[Image: Entra ID login example]

 
