You can allow users to log in to Haiilo with their Microsoft credentials. To enable the login, you need to complete steps both in Microsoft Entra ID and in Haiilo's Administration.
Set up an app registration in Microsoft
You need admin rights in your Microsoft Entra ID account to generate and obtain the required Client ID and Secret.
Create an app
- Log in to the Microsoft Azure Platform.
- Go to Microsoft Entra ID > App registrations > New registration
- Give your app a name, e.g., Haiilo
- For Supported account types, choose Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)
- Select Register
- On the app Overview page, copy and save the Application (client) ID and Directory (tenant) ID for later use
Create a Client Secret and define API permissions
- Create Client Secret
  - Go to Certificates & secrets > Client secrets
  - Select New client secret
  - Enter a description and choose when the secret expires.
    - After a secret expires, you need to generate a new secret and update it in Haiilo for the connection to remain valid. We recommend setting up a reminder to renew the secret before it expires.
  - Select Add
  - Copy the secret Value for later use. It is recommended to store the secret in a secure location.
- Define API permissions
  - Go to API permissions
  - Select Add a permission > Microsoft Graph > Delegated permissions
  - Add the following API permissions:
    - offline_access
    - openid
    - User.Read
  - If you will also be using a Microsoft Graph user directory, the required permissions for the directory sync can be granted at the same time or added later. You can find these permissions in User directory: Microsoft Graph.
  - If you will also be using the Microsoft add-on features, the required permissions for the add-on can be granted at the same time or added later. You can find these permissions in Activating the Microsoft add-on features.
  - Select Grant admin consent for app_name for the added permissions and ensure the status for all permissions is marked Granted for your_tenant.
Keep the browser tab for Microsoft Entra ID open, so you can add the redirect URL after setting up the connection in Haiilo.
Set up a new authentication provider in Haiilo
You need "Manage authentication providers" permission to set up an authentication provider in Haiilo.
- In Haiilo, go to Administration > Authentication
- Select Create authentication provider
- Enter a name. The name is displayed to users on the login screen after "Authenticate with".
- Select type OpenID Connect
- Check Active. You can also leave it inactive for now and activate it later, once the setup is complete.
- Decide if you want to use automatic login, which automatically redirects to the identity provider after 3 seconds.
- Decide whether this authentication provider sends session emails for new logins.
- Select a preset:
  - Microsoft 365: Select if you're only using the basic Microsoft integration features.
  - Microsoft 365 + Integration: Select if you're using the basic and add-on Microsoft integration features.
- Input the Application (client) ID that you copied from Microsoft Entra ID into the Client ID field
- Input the Client Secret Value that you copied from Microsoft Entra ID into the Client Secret field
- Input the Directory (tenant) ID that you copied from Microsoft Entra ID into the Tenant ID field
- We recommend keeping the preset fields untouched.
- Select Save to create the authentication provider
- Select Edit on the newly created provider
- Copy the Redirect URL that appears at the bottom of the setup page
Update Redirect URL in Entra ID
After configuring the authentication provider in Haiilo, you can add the redirect URL in Microsoft Entra ID.
- In Microsoft Entra ID, select the app you created earlier > Authentication
- Select Add a platform > Web
- Enter the copied redirect URL from Haiilo in the Redirect URIs field
- Select Configure
Now, if the authentication provider is activated in Haiilo and your users are synced from Microsoft, they can log in to your platform with their Microsoft credentials.
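To review the finished registration against the settings chosen in this guide (account type, client secret expiry, redirect URL), the following added example audits an application object; it is not part of the original guide or of Haiilo's tooling. It assumes the input is the JSON that Microsoft Graph returns for the app registration, and the sample object, the redirect URL placeholder and the function names are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Placeholder: replace with the Redirect URL copied from the Haiilo provider page.
EXPECTED_REDIRECT = "https://intranet.example.com/REDIRECT-URL-FROM-HAIILO"
# Constructed sample of a Graph application object, reduced to the relevant fields.
SAMPLE_APP = {
    "displayName": "Haiilo",
    "signInAudience": "AzureADMultipleOrgs",  # the multitenant account type
    "passwordCredentials": [
        {"displayName": "haiilo-login-old", "endDateTime": "2024-01-15T00:00:00Z"},
        {"displayName": "haiilo-login", "endDateTime": "2024-06-20T09:30:00.1234567Z"},
    ],
    "web": {"redirectUris": [
        EXPECTED_REDIRECT,
        "http://localhost:8080/callback",  # leftover test entry
    ]},
}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the result is stable

def parse_graph_ts(value):
    """Parse Graph's UTC timestamps, which may carry 7 fractional digits."""
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_app_registration(app, expected_redirect, now, warn_days=30):
    """Return (code, subject) findings for the settings this guide touches."""
    findings = []
    if app.get("signInAudience") != "AzureADMultipleOrgs":
        findings.append(("audience_mismatch", str(app.get("signInAudience"))))
    for cred in app.get("passwordCredentials", []):
        remaining = parse_graph_ts(cred["endDateTime"]) - now
        if remaining.total_seconds() <= 0:
            findings.append(("secret_expired", cred["displayName"]))
        elif remaining.days <= warn_days:
            findings.append(("secret_expiring", cred["displayName"]))
    uris = app.get("web", {}).get("redirectUris", [])
    if expected_redirect not in uris:
        findings.append(("redirect_missing", expected_redirect))
    for uri in uris:
        if uri != expected_redirect:
            findings.append(("redirect_unexpected", uri))
        if urlsplit(uri).scheme != "https":
            findings.append(("redirect_not_https", uri))
    return findings

if __name__ == "__main__":
    for code, subject in audit_app_registration(SAMPLE_APP, EXPECTED_REDIRECT, NOW):
        print(f"{code}: {subject}")
```

Running it on a schedule with the current time in place of `NOW` gives the renewal reminder recommended in the client secret step.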