Federating using Entra ID (Azure) through Admin Center

Description of Issue

Federating using Entra ID (Azure) through Admin Center

Context
  • Federation

  • Entra ID (Azure)

  • Tyler Identity Workforce

  • Admin Center

  • Organization Admin

  • Okta

  • Identity Provider

Cause

The organization needs to federate using Entra ID.

Resolution

Federation (client side)

  1. Log in to your organization’s Entra ID Portal at https://entra.microsoft.com

  2. From the left-side navigation pane, expand Identity > Applications and select App registrations

  3. From the App Registrations section, click the + New registration button at the top of the page.

  4. In the Register an application screen, make the following changes:

    1. Name: TylerIdentityWorkforceIntegration

    2. Supported Account Type: select accounts in this organizational directory only

    3. Redirect URL (Select a platform) drop-down box: select Web

    4. Redirect URL textbox:
      https://tyler-<customeridentifier>.okta.com/oauth2/v1/authorize/callback

  5. From the Overview page, copy the Application (client) ID and the Directory (tenant) ID

  6. Select Certificates & secrets from the Manage section of the navigation bar

  7. Ensure the Client secrets tab is selected and click the + New client secret button

  8. In the Add a client secret pop-up window, enter the following:

    1. Description: TylerIdentityWorkforceIntegration

    2. Expires: 730 days (24 months). Note: Tyler recommends setting the expiration period as long as possible to reduce the need to reconfigure your federation in TID-W when the secret expires. Always consult your own internal security posture for the best recommendation.

    3. Click the Add button when finished

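  9. Ensure you are returned to the Certificates & secrets section with the Client secrets tab selected, find the secret Value (not the Secret ID) and click Copy. Entra ID shows the Value only immediately after creation, so copy it before leaving the page.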

Admin Center 

  1. Log in to Admin Center (see How to gain Org Admin access to Admin Center)

  2. Navigate to Settings > Domains to add the desired authentication domains

  3. Navigate to Identity workforce > identity providers > Add a new provider > Azure 

  4. Input Azure information 

    1. Name - Tylertown, ME

    2. Client ID - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

    3. Client Secret - can vary in length and characters 

    4. Secrets expiration - MM/DD/YYYY

    5. Email Domains - Authenticating domains for Entra 

    6. Azure Tenant ID - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

  5. Select Save
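
A pre-flight check for the values entered in step 4, as an added example (not Tyler's, Okta's or Microsoft's code). It flags the mistakes that most often break this kind of federation: a malformed Client ID or Tenant ID, the Secret ID pasted in place of the secret Value, a mistyped or already passed expiration date, and a redirect URL that does not match the callback registered on the client side. The function name, the allowed characters in the customer identifier and all sample values are assumptions.

```python
import re
from datetime import date, datetime

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
# Callback shape from client-side step 4; the identifier charset is an assumption.
REDIRECT_RE = re.compile(
    r"^https://tyler-[a-z0-9-]+\.okta\.com/oauth2/v1/authorize/callback$")
MAX_SECRET_DAYS = 731  # 730 days (24 months) from step 8, plus one for a leap day


def check_federation_inputs(client_id, tenant_id, client_secret,
                            secret_expiration, redirect_uri, today=None):
    """Return a list of problems; an empty list means the values look sane."""
    today = today or date.today()
    problems = []
    for label, value in (("Client ID", client_id), ("Azure Tenant ID", tenant_id)):
        if not GUID_RE.match(value.strip()):
            problems.append(f"{label} is not a GUID")
    if client_id.strip().lower() == tenant_id.strip().lower():
        problems.append("Client ID and Azure Tenant ID are identical")
    # The secret itself is never printed or included in a message.
    if client_secret != client_secret.strip():
        problems.append("Client Secret has leading or trailing whitespace")
    if GUID_RE.match(client_secret.strip()):
        # Heuristic: Entra's Secret ID is a GUID, the secret Value is not.
        problems.append("Client Secret looks like the Secret ID, not the Value")
    try:
        expires = datetime.strptime(secret_expiration, "%m/%d/%Y").date()
    except ValueError:
        problems.append("Secrets expiration is not MM/DD/YYYY")
    else:
        remaining = (expires - today).days
        if remaining <= 0:
            problems.append("Client Secret has already expired")
        elif remaining > MAX_SECRET_DAYS:
            problems.append("Secrets expiration is beyond the 24-month lifetime")
    if not REDIRECT_RE.match(redirect_uri):
        problems.append("Redirect URL does not match the Okta callback pattern")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    for problem in check_federation_inputs(
            "11111111-2222-3333-4444-555555555555",
            "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
            "99999999-8888-7777-6666-555555555555",  # a Secret ID pasted by mistake
            "06/30/2026",
            "https://tyler-example.okta.com/oauth2/v1/authorize/callback",
            today=date(2025, 1, 15)):
        print("WARNING:", problem)
```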

Additional Information

 
