Texada Identity Service (TIS)

TIS Microsoft Entra / Azure Setup Guide

How to configure Microsoft Entra ID (formerly Azure Active Directory) for the Texada Identity Service (TIS).

Introduction

This article describes how to configure Microsoft Entra ID for integration with the Texada Identity Service (TIS). The process involves making several configuration changes in the Microsoft Entra ID portal, and then providing Texada with the information it needs to complete the integration.

If you are unsure which IdP to use, Texada’s recommendation is to use OpenID Connect or Microsoft Entra/Azure (this article), followed by SAML if the first two options are unavailable.

Configure Microsoft Entra ID

To configure Microsoft Entra ID for use with TIS, follow the steps below.

Create a New Application

The service previously known as Azure Active Directory is now called Microsoft Entra ID.

  1. Log in to Microsoft Azure (https://portal.azure.com) with an account that has permission to manage Azure Active Directory. 
  2. Find Microsoft Entra ID from the left menu or from All Services.
  3. Select App registrations under Manage in the left navigation panel. Click the “+ New registration” button to add a new application.
  4. Make the following changes to the Register an application screen:
    1. Choose and enter a name for the application (e.g. “Texada”).
    2. Under the Redirect URI section, select Web as the Platform. 
    3. Enter your Redirect URI. This will change depending on your organization’s region: 
      1. North America: https://us-auth0.texadasoftware.com
      2. Europe: https://eu-auth0.texadasoftware.com
      3. APAC: https://au-auth0.texadasoftware.com 
    4. Click “Register” to save your changes.

Configure Permissions

  1. Select API permissions from the left navigation menu. 
  2. Click the “Add a permission” button, then select Microsoft Graph.
  3. Click on Delegated permissions. Search for “directory.read.all” under Select permissions, then select it and click “Add permissions” to save your changes.

Create Client Secret

  1. Select Certificates & secrets from the left navigation menu, then click the “+ New client secret” button.
  2. Enter a description for the key, choose the desired expiry, and click Add.
  3. After saving, the key value will be displayed. Make sure to record the key value and expiration date before leaving this screen; otherwise, you may need to create a new key. You will need to send this information to Texada once configurations are complete; see “Provide Information to Texada Software” for more information.

    We also recommend recording the expiration date in your own calendar, as you will need to renew the key before that date.

Configure Redirect URIs

  1. Select Authentication from the left navigation menu.
  2. Click the “Add URI” button, then add your login callback URIs. These will change depending on your organization’s region: 
    1. North America
      1. https://us-auth0.texadasoftware.com/login/callback
      2. https://texada.us.auth0.com
      3. https://texada.us.auth0.com/login/callback
    2. Europe
      1. https://eu-auth0.texadasoftware.com/login/callback
      2. https://texada.eu.auth0.com
      3. https://texada.eu.auth0.com/login/callback
    3. APAC
      1. https://au-auth0.texadasoftware.com/login/callback
      2. https://texada.au.auth0.com
      3. https://texada.au.auth0.com/login/callback
  3. Check the “ID tokens (used for implicit and hybrid flows)” option under “Implicit grant and hybrid flows”.
  4. Click Save to save your changes.

Configure Optional Claims

  1. Select Token configuration from the left navigation menu.
  2. Click the “Add optional claim” button, then select the following 5 claims:
    1. email
    2. family_name
    3. given_name
    4. login_hint
    5. upn
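To check a finished app registration against the settings in this guide, the following added example (not Texada's or Microsoft's code) audits the application object as exported by `az ad app show --id <app-id>`. The function names, the 30-day warning window and the sample data are assumptions made for illustration, and it assumes the optional claims were added for the ID token type.

```python
from datetime import datetime, timedelta, timezone

REQUIRED_CLAIMS = {"email", "family_name", "given_name", "login_hint", "upn"}

def expected_uris(region):
    """Redirect URIs this guide lists for a region code: 'us', 'eu' or 'au'."""
    a, b = f"https://{region}-auth0.texadasoftware.com", f"https://texada.{region}.auth0.com"
    return {a, a + "/login/callback", b, b + "/login/callback"}

def audit_app(app, region, now, warn_days=30):
    """Return a list of findings for one Graph 'application' object (a dict)."""
    findings = []
    web = app.get("web") or {}
    uris, want = set(web.get("redirectUris") or []), expected_uris(region)
    findings += [f"missing redirect URI: {u}" for u in sorted(want - uris)]
    # Any URI outside the guide's list can receive tokens, so flag it for review.
    findings += [f"unexpected redirect URI: {u}" for u in sorted(uris - want)]
    if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        findings.append("ID token issuance is not enabled")
    # Assumption: the optional claims were added for the ID token type.
    claims = {c["name"] for c in (app.get("optionalClaims") or {}).get("idToken") or []}
    findings += [f"missing optional claim: {c}" for c in sorted(REQUIRED_CLAIMS - claims)]
    secrets = app.get("passwordCredentials") or []
    if not secrets:
        findings.append("no client secret present")
    for s in secrets:
        # Graph reports endDateTime in UTC; keep only the seconds-resolution part.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        label = s.get("displayName") or s.get("keyId")
        if end <= now:
            findings.append(f"client secret '{label}' has expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{label}' expires in {(end - now).days} days")
    return findings

# Constructed sample (not real tenant data), shaped like `az ad app show` output.
SAMPLE = {
    "web": {"redirectUris": ["https://us-auth0.texadasoftware.com",
                             "https://us-auth0.texadasoftware.com/login/callback",
                             "https://texada.us.auth0.com",
                             "http://localhost:3000/callback"],
            "implicitGrantSettings": {"enableIdTokenIssuance": False}},
    "optionalClaims": {"idToken": [{"name": n} for n in ("email", "family_name", "given_name", "login_hint")]},
    "passwordCredentials": [{"displayName": "texada", "endDateTime": "2025-01-11T00:00:00Z"}],
}

if __name__ == "__main__":
    print("\n".join(audit_app(SAMPLE, "us", datetime.now(timezone.utc))))
```

An empty list means the registration matches the guide for that region and no client secret expires within the warning window.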

Provide Information to Texada Software

Please securely provide the following information to Texada Software through Keeper Vault. A free account can be created here.

  1. Application and Directory IDs.
  2. Client secret value (previously saved after creating the client secret) and the expiry date.
  3. Custom domain names.
  4. Domain Aliases (if any).
  5. Two accounts to be used to test the connectivity without MFA, preferably named as below. These accounts are temporary and will be dropped once the migration is complete.
    • user1@yourdomain.com
    • user2@yourdomain.com