Exact Synergy Enterprise

How-to: Retrieving information for Microsoft Entra ID

Introduction

This document describes the steps to retrieve the information for Microsoft Entra ID.

Scope

This document describes the method to retrieve the information for Microsoft Entra ID.

Retrieving the information for Microsoft Entra ID

This section describes where and how you can retrieve the necessary information when using Microsoft Entra ID. Firstly, go to https://portal.azure.com/#home.

Authority

1. Go to Microsoft Entra ID.
2. Click the active directory.
3. Click App registrations.
4. Click Endpoints.
5. Check the value displayed at WS-FEDERATION SIGN-ON ENDPOINT.
6. The Authority value is the WS-FEDERATION SIGN-ON ENDPOINT value without the “wsfed” part, but including the trailing slash. For example, the WS-FEDERATION SIGN-ON ENDPOINT value is “https://login.microsoftonline.com/{TenangID}/wsfed”, and the Authority value is “https://login.microsoftonline.com/{TenantID}/”.

Keep in mind: The Authority value does not include “wsfed” but it requires the trailing slash.

Authorisation Endpoint

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click Endpoints.
5.  Copy the value at OAUTH 2.0 AUTHORISATION ENDPOINT.

Token Endpoint

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click Endpoints.
5.  Copy the value at OAUTH 2.0 TOKEN ENDPOINT.

Resource / APP URI ID / Allowed Audience / Audience URI / Realm

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click the application to open it.
5.  Click Expose an API.
6.  The value at Application ID URI is the Resource, APP URI ID, Allowed Audience, Audience URI, or the Realm value.

Client ID (Native)

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click the Native application to open it.
5.  The value at Application (client) ID is the Client ID.

Client ID (Web)

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click the Web app / API application to open it.
5.  The value at Application (client) ID is the Client ID..

Client secret

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click the Web app / API application to open it.
5.  Click Certificates & secrets.
6.  Click New client secret.
7.  Type “ClientSecret” at Description.
8.  Select Never at Expires.
9. Click Add.
10.  Copy the value at Value. The value will be your client secret.

Note:

•  The value is available only after Add is clicked. Remember to copy the value. If you have lost the value, delete the existing key, and create the key again.
•  Client secret is only needed when using the OAuth 2.0 protocol. When using SAML, this is not needed.

Thumbprint

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click Endpoints.
5.  Copy the value at FEDERATION METADATA DOCUMENT and open it in a new browser window.
6. Locate the first <X509Data><X509Certificate> element, and copy the value.
7. Paste it in Notepad or Notepad++. Ensure that you do not paste extra characters, such as spaces.    
8. Save the file with the *.cer extension, for example, “key1.cer”.
9. Double click the file with the .cer extension saved in step 8.
10. Open the Details tab.    
11. Scroll down and select the Thumbprint row.
12. Copy the value and remove all spaces.
13.  Convert the value to uppercase. This can be done in Microsoft Word via the Change case function in the Home tab.
14.  You do not have to install the certificate and can close the certificate screen and delete the file with the .cer extension.

Keep in mind: If you highlight and copy the value, you may be copying some hidden characters. Remove the hidden characters by deleting the value from the beginning, and retyping the value.

Metadata

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click Endpoints.
5.  The value at FEDERATION METADATA DOCUMENT is the Metadata value.

WS Fed Issuer

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click Endpoints
5.  Check the value displayed at WS-FEDERATION SIGN-ON ENDPOINT.
6.  The WS-Fed issuer value is the WS-FEDERATION SIGN-ON ENDPOINT value. For example, “https://login.microsoftonline.com/{TenantID}/wsfed”.

SAML Issuer Name

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3.  Click App registrations.
4.  Click Endpoints
5.  Check the value displayed at WS-FEDERATION SIGN-ON ENDPOINT.
6.  The SAML Issuer Name value is the WS-FEDERATION SIGN-ON ENDPOINT value without the “wsfed” part, but including the trailing slash and a different first part of the URL. For example, the WS-FEDERATION SIGN-ON ENDPOINT value is “https://login.microsoftonline.com/{TenantID}/wsfed”, and the SAML Issuer Name value is “https://sts.windows.net/{TenantID}/”.

Keep in mind: The SAML Issuer Name value does not include “wsfed” but it requires the trailing slash and a different first part of the URL.

Reply

1.  Go to Microsoft Entra ID.
2.  Click the active directory.
3. Click App registrations.
4.  Click the application to open it.
5.  Click Authentication.
6.  This is your Reply value.

Note: The value should be in the lowercase and should include the trailing slash, for example “http://domain/synergy/”.

Related document

• Getting started with Federated Identity (FID)