A new client application in your MS Entra is required.
Go to Application Creation to create a new application.
Choose a relevant name such as 'ABAX SSO'.
Choose Single Tenant as the Supported account types option.
In Redirect URI section select Web and provide the following link: https://auth.abax.cloud/ui/login/login/externalidp/callback
Click Register.
A client secret is required for us to access the application.
In your newly created application go to Manage, then Certificates & secrets.
Click New client secret, enter a description, expiry date and add the secret.
Save the value of the secret after it is created. You will not be able to see this value again. If you lose the secret before you configure SSO in ABAX, you will have to create a new one.
Some information needs to be included in the authentication token when it's sent to ABAX.
Go to Manage, then Token configuration.
Click Add optional claim.
Select ID as the token type and select email as claim.
ABAX needs some API permissions for the application, to authenticate and read user details.
Go to Manage, then API Permissions.
Add email, profile, User.Read and openid from Microsoft Graph permissions.
In the SSO configuration wizard, select Microsoft Entra ID (OIDC authentication).
Enter the Application (client) ID (go to Overview, you can find it in the Essentials section) and Client Secret (created in Add client secret step).
Click Finish.
Your configuration details will be shown after ABAX has configured your installation. Verify that the configuration works correctly by logging out and logging in again via SSO.
