Skip to content

AzureAD changes [IN:12260] #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
simonhbor merged 1 commit into from
Mar 18, 2026
Merged

AzureAD changes [IN:12260] #40

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions docs/HowTo-Guides/Login-providers.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,25 +6,25 @@ For more information about using login providers see the [admin guide](../Spira-

The "Client Secret" field is very sensitive so do not share it. Once you enter it in Spira you will not be able to access it again. Store it somewhere safely, like a password manager, if required.

## Azure AD
To set up an Azure AD provider app with Spira you will need an Azure account with Azure AD set up with users as needed. For the steps below we have assumed Azure AD is set up in relatively standard way.
## EntraID (former Azure AD)
Comment thread
simonhbor marked this conversation as resolved.
To set up an EntraID provider app with Spira you will need an EntraID (formerly Azure AD) account with EntraID set up with users as needed. For the steps below we have assumed EntraID is set up in relatively standard way.

**First, you need to set up the app registration**, this app will give your users a specific connection to Spira.
When creating an app registration you should:

1. Go to Azure AD
1. Go to EntraID
2. Click "App Registrations" from the sidebar on the left, then "New Registration" from the top of the page
3. Enter a meaningful name
4. Select which type of accounts to support. There are 3 options (as of March 2020). Pick the one that makes sense for your organization. 
4. Select which type of accounts to support. There are 4 options (as of March 2026). Pick the one that makes sense for your organization. 
5. **Enter a Redirect URI of type Web**:
- this should be the full URL as shown at the bottom of the Azure AD provider page in Spira and **must** be HTTPS.
- Note: Azure AD lets you add many redirect URIs but in our testing only the one we entered the very first time seemed to work - hopefully you will have better luck than us
- this should be the full URL as shown at the bottom of the EntraID provider page (https://MYINSTANCEURL.spiraservice.net/oauth) in Spira and **must** be HTTPS.
- Note: EntraID lets you add many redirect URIs but in our testing only the one we entered the very first time seemed to work - hopefully you will have better luck than us
6. Once the app registration has been completed you will be taken to the App Registration Overview screen for this app.
7. You will need to enter the "Application (Client) ID" into Spira as your Client ID
8. By default, the permissions of the app include Microsoft Graph > User.Read. This is the only required permission by Spira
9. To generate the secret key for Spira go to "Certificates and Secrets" and create a "New Client Secret"
- Give it a name
- Set an expiry
- Set an expiry period
- Make sure to copy and safely store the generated secret as once it is created you will not be able to retrieve it again
10. To enter the provider information into Spira you will need 3 URLs. Go to the app registration overview page and click "Endpoints" to see all the possible URLs.
1. Authorization URL = "OAuth 2.0 authorization endpoint (v2)" url
Expand Down
6 changes: 3 additions & 3 deletions docs/Spira-Administration-Guide/System-Users.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ Select the checkbox of any users you want to import and click "Import" to comple
## Login Providers
You can connect your organization's identity provider for Single Sign On (SSO) authentication with Spira. This works for both on premise and cloud versions of the application. We currently support integration with:

- [Azure AD](../HowTo-Guides/Login-providers.md/#azure-ad)
- [EntraID (former Azure AD)](../HowTo-Guides/Login-providers.md/#azure-ad)
- [Github](../HowTo-Guides/Login-providers.md/#github)
- [Gitlab](../HowTo-Guides/Login-providers.md/#gitlab)
- [Google](../HowTo-Guides/Login-providers.md/#google)
Expand All @@ -155,7 +155,7 @@ Note that you can only deactivate a provider that does not have any users linked

Once you have setup a login provider, users will see a button for that provider on the Spira login page:

![user administration login provider details page for AzureAD](img/System_Users_oauth-admin-provider-AzureAD.png)
![user administration login provider details page for EntraID (former Azure AD)](img/System_Users_oauth-admin-provider-EntraID (former Azure AD).png)

### How to set up a provider to integrate with Spira
Below is a general set of instructions about how to set up the provider and Spira to work together. However, the providers may have changed their process or documentation, so please consult the provider about configuring their system.
Expand All @@ -168,7 +168,7 @@ Below is a general set of instructions about how to set up the provider and Spir
- Use the "Return URL" from above in the field called something like return URL, callback URL, redirect URL
- A guide to set up each provider, and the specific permissions they each need are available here:

- [Azure AD](../HowTo-Guides/Login-providers.md/#azure-ad)
- [EntraID (former Azure AD)](../HowTo-Guides/Login-providers.md/#azure-ad)
- [Github](../HowTo-Guides/Login-providers.md/#github)
- [Gitlab](../HowTo-Guides/Login-providers.md/#gitlab)
- [Google](../HowTo-Guides/Login-providers.md/#google)
Expand Down