To create a new 6clicks application (type: SPA OpenID Connect) in Microsoft Entra ID, you will need administrative permissions. The entire setup falls under Azure Active Directory in your Azure portal. The steps are:
-
- Authentication
- Set 6clicks Roles
- Branding & Properties
- Configure the Enterprise Application
- Assign Groups to the Roles
-
- Copy Client ID
- Copy Issuer URI
- Enter information in 6clicks
- Enable Login from Azure Dashboard
1. Register the Application
In your Azure portal, head to Azure Active Directory → App registrations → New registration.
Enter the application name (e.g. 6clicks - tenant name) and choose register.
Authentication
From the Authentication menu, choose ‘add a platform' and choose Single Page Application (SPA)”
-
Redirect URIs: from your 6clicks SSO dashboard.
-
Front-channel logout URI: from your 6clicks SSO dashboard.
-
ID tokens: select.
Add in the callback URI from your 6clicks SSO dashboard.
Setup 6clicks Roles
The next step is setting up the 6clicks roles, which will appear in the tokens as a part of the SSO process. This is done in the App roles menu:
-
Display name: This is a free format, we suggest using the 6clicks role name.
-
Allowed member types: Users/groups.
-
Value: The group name you set up in Entra should follow the group name you are mapping to in 6clicks in the following format, 6clicks-role-<role name>. Some examples are:
-
6clicks-role-Administrator
-
6clicks-role-Users
-
6clicks-role-CustomRole1
-
-
Description: This is a free format: we suggest a description that explains what this is and how it is used.
Ensure the checkbox to enable the app role is checked. Once complete, click Apply to proceed.
Branding & Properties
On this page, selected in the side menu, you can add in terms of services URIs, and upload a logo. This is, for the most part, optional.
You can download the 6clicks logo from our Media Kit here.
2. Configure the Enterprise Application
In the Azure Active Directory Menu → Enterprise Applications → search and find your new 6clicks application.
Assign Groups to the Roles
Next, select Users and Groups → add user/group.
Match up users or groups to the roles you have already defined.
3. Configure SSO in 6clicks
Head back to the App Registrations menu → Overview for your new app. You will need to copy the below information to enter into 6clicks.
Copy Client ID
The application (client) ID is on this screen.
Copy Issuer URI
The issuer URI is under the Endpoints submenu. The value of issuer URL should be the value of 'OpenID Connect metadata document' field in the 'Endpoints' screen but without the '/.well-known/openid-configuration'. Per below example; the issuer URL would be https://login.microsoftonline.com/c23cd644-3174-4e6e-b486-65f047dd58b4/v2.0
It's usually https://login.microsoftonline.com/{tenantId}/{}
Enter Information in 6clicks
Once you have the Issuer URL and the Client (application) ID, head back to 6clicks to finish the 6clicks SSO setup.
Select Microsoft Azure AD from the drop-down menu.
Enter your Issuer URL, Client (application) ID, and domains used to login.
If your organization has multiple domains, you will need to enter them in the Domain box below. To add multiple domains please enter the domain name and press enter.
4. Enable Login from Azure Dashboard
Using the search bar (or heading back to your dashboard) head over to Enterprise Applications.
.png?width=688&height=313&name=MicrosoftTeams-image%20(2).png)
Find your app by searching.
.png?width=688&height=311&name=MicrosoftTeams-image%20(3).png)
Open the app > Go to properties > Select 'Yes' for Visible to users.
Update the Homepage URL to https://{6clicks host name}/account/initiate-sso?clientId={client Id of application}.
In some instances, the Homepage URL is entered instead within App Registrations > Branding & Properties.
Then head to https://myapplications.microsoft.com/ and you should be able to see your Apps. It can take a few minutes (even up to 10-15 minutes) for them to show up.