Articles on: Identity Service

Stacktrack IAM Services and Microsoft EntraID(formerly Azure Active Directory) Integration Configuration Guide

This guide provides the technical procedure for integrating StackTrack Identity & Access Management Services with Microsoft EntraID.


As a security requirement, ensure all identifiers and secrets are handled according to your organization's sensitive data policies.


Step 1: Application Registration(In Azure Portal)


The integration begins by establishing a service presence within the Microsoft Azure portal. Navigate to the App Registration blade to initiate the process. At this stage, the Redirect URI is not required for the initial handshake and can be added later during the post-registration configuration(defined in Step 7). To create the application object, click Register.


Microsoft offers the following account types: We recommend using single-tenant; use multi-tenant only if required by your specific use case. We strongly advise against enabling personal Microsoft accounts.


  • Single tenant only - Default Directory: This option restricts access so that only users within your specific organization's directory (the tenant where the app is registered) can sign in to the application. This is typically used for internal line-of-business applications.
  • Multiple Entra ID tenants: This allows users from any Microsoft Entra ID tenant (any organization using Azure/Office 365) to sign in to the stacktack tenants(for example Jenkins).
  • Any Entra ID Tenant + Personal Microsoft accounts: This is the most inclusive option. It allows sign-ins from any organizational Entra ID directory as well as personal Microsoft accounts (such as those used for Xbox, Skype, or Outlook.com). This is used for applications intended for both professional and consumer audiences.









Step 2: Generating Client Credentials(In Azure Portal)


Secure communication between Stacktrack SSO and EntraID requires a client secret.

  1. Navigate to the Client Credentials section.
  2. Select Add Client Credentials.
  3. Click Add to generate the secret.

Note from the Integration Specialist: The Client Secret value keep it secure and safe



Set the client secret expiration as per your orginisation standards.



Step-3: Vital Configuration Parameters(In Azure Portal)



The following technical identifiers are required to uniquely identify your EntraID tenant and the specific application instance within the Stacktrack platform:

  • Client ID: 44459728-2def-4d11-87ce-248fd3c6a02a
  • Client Secret: [The secret value generated and recorded in Step 2]



Step-4: Add Identity Provider(In Stacktrack SSO security admin console)


Navigate to Identity Providers and select OpenID Connect v1.0


Important settings:

  • Choose an alais. Remember this name can't be change once created.
  • Use dicovery endpoint from Azure application endpoints configuration.
  • Client ID and Client Secret from Step-3.
  • Default Scopes set to openid profile email
  • Review other defaults from below screenshots.





Step 5: Groups Claim Configuration(In Azure portal)



To authorize users based on their directory memberships, you must pass group information through the identity token.

  1. Navigate to the token configuration settings and select Add Groups Claim.
  2. Under the claim settings, specifically select Groups.
  3. Click Add to finalize the inclusion of these claims in the SSO token.






Step 6: Mapper Configuration and Object ID Mapping(In Stacktrack SSO security admin console)



Mappers are used to synchronize EntraID groups with the internal group structures of the Stacktrack platform.

  1. Click Add mappers and select the option to create a New Group.
  2. In the EntraID portal, navigate to the Overview blade of the specific security group you wish to sync.
  3. Copy the Object Id for that group.

The Object Id serves as the unique source anchor for the mapping(from Step-5). It must be pasted exactly into the Stacktrack configuration to ensure that directory objects are correctly resolved during the authentication flow.




Step 7: Configure Redirect Uri(In Azure Portal)


App registrations
└── (your application created in step-1)
└── Authentication
└── Add a platform
└── WebThe Redirect URI copied from stacktrack SSO console



Updated on: 30/06/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!