Setup Microsoft Entra ID Single Sign-On (SSO)
This article will show you a comprehensive step-by-step guide on how to configure authentication for your Casebase app so that your app can enroll users using the Microsoft identity platform (Microsoft Entra) as an authentication provider via single sign-on.
This includes creating and re-registering a new app (casebase.ai) in the Microsoft Entra ID Admin center, adding authorization rights, and finally, setting up your Microsoft Entra ID SSO in your Casebase app settings.
Ensure you have the appropriate Microsoft Entra ID administration roles (consultation with your IT recommended) and the Casebase admin role to perform these setups.
How to setup a Microsoft Entra ID SSO within Casebase?
#1 Creating a New App in Microsoft Entra
- Sign In into your Microsoft Entra admin center.
If you have access to multiple tenants, use the settings icon at the top of the menu to switch to the tenant in which you want to register the application from the Directories + Subscriptions menu. - Navigate to App registrations
(Identy > Applications > App registrations) - Click
- Create New App Registration:
- Enter a name for your app (e.g. Casebase SSO).
- Choose the supported account types
(e.g., accounts in this organizational directory only). For a description of the different account types, see the Register an application. - Do NOT enter a Redirect URI. This configuation follows in the next part.
- Complete the app registration by clicking on .
Info: Note down the Application (client) ID and Directory (tenant) ID displayed on the overview page.
#2 Register Redirect URI (your Casebase reply URL)
- Navigate once again to App registration in the Microsoft Entra admin center
(Identy > Applications > App registrations) - Select the app (Casebase SSO) you created in the step before.
- Select in the app side menu, under the Manage section
- Here you can now
- Under Web applications, select the tile.
- Under Redirect URIs, enter your specific Casebase redirect URI.
(e.g. https://[your domain].casebase.ai/)
Do NOT select either checkbox under Implicit Grant and Hybrid Flows. - Select to finish adding the redirect URI.
#3 Add App Permissions
- Navigate once again to App registration In the Microsoft Entra admin center
(Identy > Applications > App registrations) - Select the app
(e.g. Casebase SSO) - Select in the app side menu, under the Manage selection,
-
- Under Client secrets, select ,
- Enter a description of your new client secret (e.g. Graph API access for Casebase)
- Select an expiration date on which the secret is to be renewed. (e.g. 12 months)
- Click to complete the new client secret set up
- Important: Copy the secret value that is now displayed and save it in a safe place in the meantime so that you can use it in a later step.
-
- Go to API Permissions under the Manage section in the sidebar.
-
- Select .
- Select Microsoft Graph.
- In the section Request API permissions, select .
- Search for “user” in the search bar
- Under the User drop down, check User.Read.All,
- Select .
- Grant Admin Consent for the permission added. Refer to this link for details
-
#4 Set up SSO in Casebase
- Open a new browser tab with your Casebase App
- Navigate to the company settings (gear-icon in the upper right corner)
Note: If this icon is not displayed, you do not have admin rights and cannot set up the SSO in Casebase.) - Navigate to in the company settings side menu and than select
- Add Mircosoft SSO configuration credentials in the provided input fields
-
- Enter the Application (client) ID
If not cached, you will find this in Microsoft Entra ID > Identity > Applications > App registrations > Casebase SSO > Overview page - Enter the Directory (tenant) ID
If not cached, you will find this in Microsoft Entra ID > Identity > Applications > App registrations > Casebase SSO > Overview page - Enter the secret value (client secret)
You made a note of this in Step 3.3 or you have to repeat Step 3.3 again.
- Enter the Application (client) ID
-
- the settings.
